US20070271189A1 - Tamper prevention and detection for video provided over a network to a client - Google Patents
- Publication number
- US20070271189A1 (application US11/565,223)
- Authority
- US
- United States
- Prior art keywords
- tamper event
- publisher
- client device
- tamper
- component
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
- H04N21/44236—Monitoring of piracy processes or activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/65—Transmission of management data between client and server
- H04N21/654—Transmission by server directed to the client
- H04N21/6543—Transmission by server directed to the client for forcing some client operations, e.g. recording
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8355—Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/173—Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
Definitions
- the invention relates generally to computing security, and more particularly but not exclusively to protecting media ‘in the clear’ during a ‘digital hole’ from static and/or dynamic security attacks using a publisher/subscriber architecture.
- Broadcast television is a multi-billion dollar global market served by cable, satellite, and increasingly telecommunications companies. Broadcast television allows users to view content by tuning their television to scheduled programs or events. There is little personalization allowed. Enhanced and iTV allows far greater personalization of the TV viewing experience. Historically the security needs of the broadcast market were fulfilled by conditional access system (CAS) and more recently digital rights management (DRM) technologies.
- Video over DSL or Fiber is described as the delivery of quality MPEG video services and “on-demand” content to either an access network or to the consumer premise using a Fiber or copper infrastructure.
- This infrastructure often uses the same physical and transport protocols that are common to a computer network similar to what is found in the home or a typical business enterprise.
- IPTV Internet Protocol TeleVision
- the media is expected to be secure no matter how or where it may travel; moreover, it may be desirable to have available various payment models for the media. Therefore, it is with respect to these considerations, and others, that the present invention has been made.
- FIG. 1 shows a functional block diagram illustrating one embodiment of an environment for practicing the invention
- FIG. 2 shows one embodiment of a client device that may be included in a system implementing the invention
- FIG. 3 shows one embodiment of a server device that may be included in a system implementing the invention
- FIG. 4 shows one embodiment of a virtual smart card
- FIG. 5 shows a functional block diagram illustrating one embodiment of a general system overview of the invention
- FIG. 6 shows one embodiment of a general meta-model for use in practicing the invention
- FIG. 7 shows one embodiment of a general schema for use in practicing the invention.
- FIG. 8 illustrates a flow diagram showing one embodiment of an overview process for detecting and preventing tampering events using a publisher/subscriber architecture, in accordance with the invention.
- AES refers to Advanced Encryption Standard.
- Authentication refers to proving a component, device, person, or other entity is who/what they claim to be. Authentication is often treated as synonymous with identity. Authentication answers the question: Is this really Brian?
- Authorization (Access Control) refers to answering the question of what operations an entity is entitled to perform. Authorization answers the question: Does Brian (a fictional valid user) have permission to access that data?
- CA Conditional Access
- VSC Virtual Smart Card
- DRM Digital Rights Management is an alternative method for protecting media from theft.
- CAS is targeted at allowing or denying access to media streaming from an operator's service.
- a DRM system protects the content itself so that mere access to the content does not make the content viewable or usable.
- a DRM system normally provides content protection by encrypting the content. Once encrypted the content can then be distributed at will.
- a license file is issued to enable the user to play the content (either together with the content or when a user tries to play the clip).
- the content is encrypted only once and the encryption properties persist as the content travels between networks and on storage devices.
- ECM or Entitlement Control Messages are encrypted data that contains access constraints and content keys.
- EMM or Entitlement Management Messages are encrypted data that contains entitlements and content keys.
- a fingerprint uniquely identifies a client or server computer in the context of a system.
- a Fingerprint is made up of a number of elements specific to each fingerprint. These are hereafter called Ridges. Each Ridge is an element of a fingerprint that provides information to the fingerprint making it unique from other fingerprints. Some examples of Ridges are hardware serial numbers, operating system version numbers, internet protocol address, and physical memory size. Each Ridge added to a Fingerprint refines the identity of the system until it can be uniquely identified within a system. The combinations of the Fingerprints create the Handprint or System Fingerprint that uniquely identifies the personal computer, server, set top box or device within the system. The order of each of the fingerprint groups and individual Ridges affects the resulting Fingerprint and Handprint. This feature means that each user of the Fingerprint technology can generate a unique fingerprint and subsequent Handprint even though the core Ridge information being utilized is the same. Fingerprinting is typically done in systems where device identity is inherently weak.
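
An added illustration of the Ridge, Fingerprint and Handprint construction described above (not code from the patent): each Fingerprint hashes its Ridges in order and the Handprint hashes the Fingerprints in order, so the same Ridge data yields a different Handprint under a different ordering. SHA-256, the length-prefixed encoding, every function name and all sample values are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Sequence, Tuple

Ridge = Tuple[str, str]                 # (ridge name, observed value)
Group = Tuple[str, Sequence[Ridge]]     # (fingerprint group name, ordered Ridges)


def encode_fields(fields: Sequence[str]) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = bytearray()
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def fingerprint(group_name: str, ridges: Sequence[Ridge]) -> bytes:
    """One Fingerprint: a digest over a group's Ridges, in the order supplied."""
    h = hashlib.sha256(b"fingerprint\x00")
    h.update(encode_fields([group_name]))
    for name, value in ridges:
        h.update(encode_fields([name, value]))
    return h.digest()


def handprint(groups: Sequence[Group]) -> str:
    """The Handprint: a digest over the Fingerprints, in the order supplied."""
    h = hashlib.sha256(b"handprint\x00")
    for group_name, ridges in groups:
        h.update(fingerprint(group_name, ridges))   # fixed-size, so unambiguous
    return h.hexdigest()


def same_device(enrolled_handprint: str, groups: Sequence[Group]) -> bool:
    """Compare a freshly computed Handprint with the enrolled one in constant time."""
    return hmac.compare_digest(enrolled_handprint, handprint(groups))


# Constructed sample Ridges (the Ridge types come from the text, the values do not).
HARDWARE = [("disk_serial", "CONSTRUCTED-SN-0001"), ("memory_bytes", "2147483648")]
SYSTEM = [("os_version", "5.1.2600"), ("ip_address", "192.0.2.10")]

# Two deployments use the same Ridge data but choose different orderings.
OPERATOR_A = [("hardware", HARDWARE), ("system", SYSTEM)]
OPERATOR_B = [("system", list(reversed(SYSTEM))), ("hardware", HARDWARE)]

if __name__ == "__main__":
    print("operator A:", handprint(OPERATOR_A))
    print("operator B:", handprint(OPERATOR_B))
    print("A re-check:", same_device(handprint(OPERATOR_A), OPERATOR_A))
```
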
- ICE refers to In-Circuit Emulators.
- the ICE chip emulator is configured to replace a given CPU with an emulated CPU and to take over control for and emulate the existing processes.
- Integrity refers to the process of ensuring that the content of a message or a store has not been changed.
- Intrusion Detection includes the process of detecting situations that violate the security policy and other protections. This involves any number of tamper detection mechanisms. Intrusion Detection identifies situations like: Brian (a fictional valid user) is attempting to perform an unauthorized action.
- iTV or Interactive television includes multicast and unicast services like video-on-demand and personal video recorders.
- Non-Repudiation: The standard approach to non-repudiation is the use of two distinct keys. One key is escrowed, and is used for non-signing functions. The second key, without a recovery mechanism, is utilized for signing. In such a model, where the user is in sole control of the signing key, non-repudiation is achieved by means of a sole owned yet verifiable secret. In cases where signing validity is critical, a separate key will need to be issued, and said key will need to be the sole owned yet verifiable secret of the key holder. In any other case, the key holder could refuse the validity of the signature based on the ability of a sufficiently privileged person to replicate the secret key.
- Rapid Renewal refers to a renewal performed in hours as opposed to months. Renewal refers to a process of providing key generation and provisioning new keys or new security mechanisms to the consumer premise device.
- Secure Message Manager provides a secure medium for message exchange. It interacts with other components as required to ensure that mutual authentication of the end parties is accomplished and privacy of the messages is maintained.
- Timeliness refers to a measure of validity of data. Timeliness involves protecting against replay attacks. Is this entitlement a valid entitlement in time or order?
- the invention is directed towards a system, apparatus, and method for providing digital copy protection of media using a subscriber/publisher architecture.
- various publishers provide the protection during a digital hole, where a digital hole represents a time between a decryption and rendering of the media such that the media is ‘in the clear,’ exposed, and/or unencrypted.
- the protection may be against static as well as dynamic attacks to the media.
- the publishers may employ any of a wide variety of techniques of dynamic and/or static tamper detection, including, but not limited to ICE detectors, behavior analyzers, filter graph change detectors, screen scraping detectors, debugger detectors, pattern recognizers, trusted time masters, or the like.
- the tamper event may be published to a repository.
- the tamper event is published as an object in the repository.
- Various subscribers may subscribe to the repository.
- published tamper events may be pushed to the subscribers.
- an object manager or mediator may be employed to manage the repository by receiving tamper events, publishing them to the repository, and pushing the tamper event objects out to subscribers.
- the subscriber may perform one or more tamper response actions according to various business rules, and/or other core rules.
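
An added sketch of the flow described above (not code from the patent): publishers report tamper events to a mediator, the mediator stores each one as an object in the repository and pushes it to subscribers, and a subscriber picks a response action from business rules. The class names, the snapshot format, the detector checks, the escalation rule and every sample value are assumptions made for the example.

```python
import itertools
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class TamperEvent:
    event_id: int
    publisher: str      # which detector reported it
    kind: str           # e.g. "debugger", "filter_graph_change"
    detail: str


class Mediator:
    """Receives tamper events, publishes them to the repository, pushes them out."""

    def __init__(self) -> None:
        self.repository: Dict[int, TamperEvent] = {}
        self._subscribers: List[Callable[[TamperEvent], object]] = []
        self._ids = itertools.count(1)

    def subscribe(self, callback: Callable[[TamperEvent], object]) -> None:
        self._subscribers.append(callback)

    def publish(self, publisher: str, kind: str, detail: str) -> TamperEvent:
        event = TamperEvent(next(self._ids), publisher, kind, detail)
        self.repository[event.event_id] = event      # stored as an object
        for callback in self._subscribers:           # pushed, not polled
            callback(event)
        return event


class Publisher:
    """Wraps one detector; publishes only when the detector reports evidence."""

    def __init__(self, name: str, kind: str,
                 check: Callable[[dict], Optional[str]]) -> None:
        self.name, self.kind, self.check = name, kind, check

    def poll(self, snapshot: dict, mediator: Mediator) -> Optional[TamperEvent]:
        detail = self.check(snapshot)
        return mediator.publish(self.name, self.kind, detail) if detail else None


# Hypothetical detector checks over a constructed snapshot of client state.
BASELINE_FILTER_GRAPH = ["source", "decrypter", "decoder", "renderer"]


def debugger_check(snapshot: dict) -> Optional[str]:
    pids = snapshot.get("debugger_pids", [])
    return f"debugger attached: pids {pids}" if pids else None


def filter_graph_check(snapshot: dict) -> Optional[str]:
    graph = snapshot.get("filter_graph", BASELINE_FILTER_GRAPH)
    extra = [f for f in graph if f not in BASELINE_FILTER_GRAPH]
    return f"unexpected filters: {extra}" if extra else None


class RuleSubscriber:
    """Business rules: (event kind, occurrences needed, response action)."""

    def __init__(self, rules: List[Tuple[str, int, str]],
                 default_action: str = "notify_user") -> None:
        self.rules, self.default_action = rules, default_action
        self.counts: Dict[str, int] = {}
        self.actions: List[Tuple[int, str]] = []

    def on_event(self, event: TamperEvent) -> str:
        count = self.counts[event.kind] = self.counts.get(event.kind, 0) + 1
        matching = [(n, action) for kind, n, action in self.rules
                    if kind == event.kind and count >= n]
        # The rule with the highest satisfied threshold wins (escalation).
        action = max(matching, key=lambda m: m[0])[1] if matching else self.default_action
        self.actions.append((event.event_id, action))
        return action


def run_demo() -> Tuple[Mediator, RuleSubscriber]:
    mediator = Mediator()
    subscriber = RuleSubscriber([
        ("debugger", 1, "interrupt_service"),
        ("debugger", 2, "revoke"),
        ("filter_graph_change", 1, "renew_keys"),
    ])
    mediator.subscribe(subscriber.on_event)
    publishers = [
        Publisher("debugger_detector", "debugger", debugger_check),
        Publisher("filter_graph_detector", "filter_graph_change", filter_graph_check),
    ]
    snapshots = [  # constructed sample observations
        {},
        {"debugger_pids": [4242]},
        {"filter_graph": ["source", "decrypter", "capture_tee", "decoder", "renderer"]},
        {"debugger_pids": [4242]},
    ]
    for snapshot in snapshots:
        for publisher in publishers:
            publisher.poll(snapshot, mediator)
    return mediator, subscriber


if __name__ == "__main__":
    _, sub = run_demo()
    print(sub.actions)
```
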
- the communications between subscribers, publishers, the repository, mediator, or the like are encrypted, using any of a variety of encryption mechanisms, including but not limited to Advanced Encryption Standard (AES), Data Encryption Standard (DES), or the like.
- the communications are over a secure channel, such as Secure Socket Layer (SSL), Transport Layer Security (TLS), or the like.
- the invention may be deployed as an n-tier distributed self-monitoring system with publishers and subscribers. What this means is that the components are distributed across the enterprise as required and they monitor each other to ensure healthy operational characteristics. That is, in one embodiment, one or more publishers may further monitor one or more other publishers and/or subscribers to ensure that they are not tampered with.
- the invention is configured to prevent users from purchasing a movie, program, or other media, and recording it for redistribution.
- the invention includes a software component that may integrate seamlessly with a VSC client.
- the invention provides tamper evidence, intrusion detection and a tamper monitoring capability for open or semi-open client environments. It prevents data packets from being captured by network stack hacking techniques, screen-scraping and VCR like utilities, in-circuit emulators (hardware or software), and other common hacking tools. There are several lines of defense against hack attempts including both active and passive measures to monitor for hacking tools and the behavior characteristics the tools exhibit. Responses to detected hack attempts are based on business rules associated with content or the service and include service interruption, revocation, key renewal, or more aggressive responses.
- features of the invention include, but are not limited to, providing rule-based copy protection (detection, resistance, and response); providing selectable Client Device digital output control; enabling removable media protection; providing tamper response that can be integrated with hardware tamper detection; enabling protection against debuggers & In-Circuit emulators; providing remote access, digital recorder and screen scraper protection.
- digital output may remain encrypted.
- For a conditional access system or a DRM to be considered secure it is expected to have the following characteristics: Privacy (Confidentiality), Integrity, Timeliness, Access Control (Authorization), and Authentication (Identity).
- A common way for a hacker to attack a Client Device is from the inside. In this case, they may use special tools similar to the screen scrapers or stream scrapers (stream recorders) that they have installed on the PC or STB. Another common way is hacking the computer or the CPU from the outside by using special tools such as VNC or PC Anywhere. Yet another common way is to hack the computer or the CPU by using special tools similar to the Terminal Services. Still another way is to obtain access to the software and/or hardware that controls digital media and make the necessary changes.
- the invention may analyze the static and dynamic behaviors of a system and the existing processes on a consumer device.
- This process of behavior analysis is similar to the principle of so-called Artificial Immune System (AIS).
- the process of behavior analysis has certain similarities to the Authentication System as well.
- the concept behind the invention supposes that the behavior of a “normal” system and its processes is different from the behavior of an “abnormal” system and its processes. Identifying these differences enables the invention to perform a proper analysis of the data and take security measures based on business rules.
- FIG. 1 shows a functional block diagram illustrating one embodiment of operating environment 100 in which the invention may be implemented.
- Operating environment 100 is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality of the present invention. Thus, other well-known environments and configurations may be employed without departing from the scope or spirit of the present invention.
- operating environment 100 includes media provider 102 , network 104 , and clients 106 - 108 .
- Network 104 is in communication with media provider 102 and clients 106 - 108 .
- media provider 102 includes computing devices configured for use by producers, developers, and owners of media that can be distributed to client devices 106 - 108 .
- Such media includes, but is not limited to motion pictures, movies, videos, music, PPV, VoD, interactive media, audios, still images, text, graphics, and other forms of digital media directed towards a user of a Client Device, such as Client Devices 106 - 108 .
- Media provider 102 may also include businesses, systems, and the like that obtain rights from a media owner to copy and distribute the media.
- Media provider 102 may obtain the rights to copy and distribute from one or more media owners.
- Media provider 102 may repackage, store, and schedule media for subsequent sale, distribution, and license to other media providers, users of client devices 106 - 108 , and the like.
- Media provider 102 may also be configured to provide at least a portion of copy protection functionality using publishers, subscribers, or the like.
- media provider 102 may provide to client devices 106 - 108 a publisher component configured to monitor for various tampering actions on the client device.
- media provider 102 may also provide one or more subscribers to client devices 106 - 108 for use in consuming tamper events that may be generated by one or more of the publishers. The subscriber provided may then apply various business rules to determine an appropriate action, including sending a message, terminating access to media, or the like.
- media provider 102 or another server (not shown) may also provide VSC software.
- media provider 102 may employ virtually any mechanism to communicate media, including, but not limited to a data communications line, virtually any storage device, including a CD, a DVD, floppy diskette, magnetic tape, and the like.
- the media may be encrypted using any of a variety of encryption techniques. Similarly, the media may also be unencrypted.
- Devices that may operate as media provider 102 include personal computers, desktop computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, servers, and the like.
- Network 104 is configured to couple one computing device to another computing device to enable them to communicate.
- Network 104 is enabled to employ any form of computer readable media for communicating information from one electronic device to another.
- network 104 may include a wireless interface, and/or a wired interface, such as the Internet, in addition to local area networks (LANs), wide area networks (WANs), direct connections, such as through a universal serial bus (USB) port, other forms of computer-readable media, or any combination thereof.
- a router acts as a link between LANs, enabling messages to be sent from one to another.
- communication links within LANs typically include twisted wire pair or coaxial cable
- communication links between networks may utilize analog telephone lines, full or fractional dedicated digital lines including T1, T2, T3, and T4, Integrated Services Digital Networks (ISDNs), Digital Subscriber Lines (DSLs), wireless links including satellite links, or other communications links known to those skilled in the art.
- remote computers and other related electronic devices could be remotely connected to either LANs or WANs via a modem and temporary telephone link.
- network 104 includes any communication method by which information may travel between Client Devices 106 - 108 and media provider 102 .
- Computer-readable media includes any media that can be accessed by a computing device.
- Computer-readable media may include computer storage media, communication media, or any combination thereof.
- communication media typically embodies computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, data signal, or other transport mechanism and includes any information delivery media.
- The terms “modulated data signal” and “carrier-wave signal” include a signal that has one or more of its characteristics set or changed in such a manner as to encode information, instructions, data, and the like, in the signal.
- communication media includes wired media such as twisted pair, coaxial cable, fiber optics, wave guides, and other wired media and wireless media such as acoustic, RF, infrared, and other wireless media.
- Client Devices 106 - 108 may include virtually any computing device capable of receiving media over a network, such as network 104 , from another computing device, such as media provider 102 .
- Client Devices 106 - 108 may also include any device capable of receiving the media employing other mechanisms, including, but not limited to CDs, DVDs, tape, electronic memory devices, and the like.
- the set of such devices may include devices that typically connect using a wired communications medium such as personal computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, and the like.
- the set of such devices may also include devices that typically connect using a wireless communications medium such as cell phones, smart phones, pagers, walkie talkies, radio frequency (RF) devices, infrared (IR) devices, CBs, integrated devices combining one or more of the preceding devices, and the like.
- Client Devices 106 - 108 may also be any device that is capable of connecting using a wired or wireless communication medium such as a Personal Digital Assistant (PDA), POCKET PC, wearable computer, and any other device that is equipped to communicate over a wired and/or wireless communication medium to receive and play content.
- Client Devices 106 - 108 may employ any of a variety of devices to enjoy such content, including, but not limited to, a computer display system, an audio system, a jukebox, set top box (STB), a television, video display device, IPTV, or the like.
- Client Devices 106 - 108 may be implemented employing a client device such as described in more detail below, in conjunction with FIG. 2 .
- Client Devices 106 - 108 may include a client that is configured to enable an end-user to receive media and to play the received content.
- the client may also provide other actions, including, but not limited to, enabling other components of the client device to execute, enable an interface with another component, device, the end-user, and the like.
- Client Devices 106 - 108 may further receive a publisher component, or the like, that is configured to monitor a characteristic of a behavior of the client device, and when a behavior is determined to be an abnormal (bad or unauthorized) behavior, the publisher component may enable an action such as through a subscriber component, or the like, to protect the media from a potentially unauthorized action.
- Such actions may include any of a variety of predetermined actions based on a policy, a rule, or the like, including turning off a network connection, turning off one or more processes, destroying or otherwise inhibiting access to content, providing a message to an end-user of the computing device, an owner of the content, or the like.
- Client Devices 106 - 108 may also receive other publisher and/or subscriber components useable to monitor components within client devices 106 - 108 and detect evidence of tampering actions. When such evidence is detected the publisher components may publish information associated with the detected events. In one embodiment, the published information is encrypted using a mechanism such as AES, DES, or any of a variety of other encryption mechanisms.
- an operator may remain responsible for authorizing consumption of the media throughout an authorized service domain, such as described in FIG. 1 . This is possible beyond the traditional walls of the home because of the reach of operators today via land lines, mobile phones, wireless, wired internet or disconnected mediums, or the like. This enables at least some of the actions performed by the subscribers to be performed at a server, such as server 102 . Moreover, in system 100 the consumer may be an authorized subscriber of services from the operator, even where one of the services is the delivery of IPTV not only to the home, but beyond.
- FIG. 2 shows one embodiment of a computing device, according to one embodiment of the invention.
- Client Device 200 may include many more components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention.
- Client Device 200 may represent, for example, Client Devices 106 - 108 of FIG. 1 .
- Client Device 200 includes processing unit 212 , video display adapter 214 , and a mass memory, each in communication with each other via bus 222 .
- the mass memory generally includes RAM 216 , ROM 232 , and one or more permanent mass storage devices, such as hard disk drive 228 , tape drive, optical drive, and/or floppy disk drive.
- the mass memory stores operating system 220 for controlling the operation of Client Device 200 . Any general-purpose operating system may be employed.
- BIOS Basic input/output system
- Client Device 200 also can communicate with the Internet, or some other communications network, such as network 104 in FIG. 1 , via network interface unit 210 , which is constructed for use with various communication protocols including the TCP/IP protocol.
- Network interface unit 210 is sometimes known as a transceiver, transceiving device, or network interface card (NIC).
- Computer storage media may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
- Examples of computer storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computing device.
- Client Device 200 may also include an SMTP handler application for transmitting and receiving e-mail, an HTTP handler application for receiving and handling HTTP requests, and an HTTPS handler application for handling secure connections.
- the HTTPS handler application may initiate communication with an external application in a secure fashion.
- Client Device 200 may also include input/output interface 224 for communicating with external devices, such as a hand-held remote control device, mouse, keyboard, scanner, or other input devices not shown in FIG. 2 .
- client device 200 may further include additional mass storage facilities such as CD-ROM/DVD-ROM drive 226 and hard disk drive 228 .
- Hard disk drive 228 may be utilized to store, among other things, application programs, databases, client device configuration information, policy, and the like.
- the mass memory also stores program code and data.
- One or more applications 250 are loaded into mass memory and run on operating system 220 .
- Examples of application programs may include, but are not limited to, transcoders, schedulers, calendars, database programs, word processing programs, HTTP programs, audio players, video players, VoD players, decoders, decrypters, PPV players, interface programs to an STB, interface programs to a television, video camera, and so forth.
- Mass storage may further include applications such as VSC 254 , publisher 256 , and subscriber 252 , each of which may be downloaded from another computing device, such as server 102 of FIG. 1 . Although only a single publisher and subscriber are illustrated, the invention is not so limited and more or fewer publishers and/or subscribers may also be employed.
- VSC 254 includes computer-executable code, static data, and the like, that is configured to enable content protection similar to physical smart card approaches. However, unlike the physical smart card approaches, VSC 254 is configured as software that may be downloaded to enable changes in security solutions to be implemented rapidly (in seconds, minutes, or hours) at relatively low costs. This is in stark contrast to physical smart card approaches that often require new hardware to be generated and distributed. Such physical approaches typically are made available as updates about once or twice a year.
- Typical VSC 254 software may include various components, including secure stores, fingerprinting modules, secure message managers, entitlement managers, key generators, digital copy protection engines, and the like.
- VSC 254 and its components, may be configured to enable protection of received content.
- VSC 254 may be configured, in part, to employ the results of a publisher, to generate a decryption key for use in decrypting received content.
- VSC 254 may receive the decryption key from another device, or component, such as subscriber 252 .
- VSC 254 and its components may be represented by a sequence of binary data residing in mass memory.
- the sequence of binary data representing VSC 254 includes the software to be evaluated.
- the invention is not so limited, and virtually any software may be evaluated.
- One example embodiment of VSC 254 is shown in FIG. 4 .
- one or more publishers and/or subscribers may also reside within VSC 254 .
- Publisher 256 may include a mix of platform specific tamper monitor components and tamper rule engines that look for evidence of tampering actions. Such actions include, but are not limited to modifying code, such as an application, screen scraping, or similar types of hacking, whether the hacking is static and/or dynamic in nature. Examples of publishers 256 are described further below.
- the publisher 256 's components directly leverage the functionality of tamper detection hardware as well as applying software tamper detection, and/or other tamper evidence rules to the executing context. If evidence of tampering is detected by one or more publishers 256 , publisher 256 securely “publishes” tamper events. In one embodiment, publisher 256 may publish the tamper events as objects to a repository.
- the repository may reside on a server, such as server 102 of FIG. 1 .
- one or more publishers 256 may reside within a client device such as client devices 106 - 108 of FIG. 1 , and/or a server device such as server 102 of FIG. 1 .
- Subscriber 252 registers to “consume” the tamper events generated by one or more of the publishers 256 .
- the subscriber clients then apply specific business rules to the events they receive. These types of rules range from simply logging events to initiating defensive action.
- one or more subscribers 252 may reside within a client device such as client devices 106 - 108 of FIG. 1 , and/or a server device such as server 102 of FIG. 1 .
- FIG. 3 shows one embodiment of a computing device, according to one embodiment of the invention.
- Server device 300 may include many more or less components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention.
- Server device 300 may represent, for example, server 102 of FIG. 1 .
- Server device 300 includes processing unit 312 , a mass memory, and may include a video display adapter 314 , all in communication with each other via bus 322 .
- the mass memory generally includes RAM 316 , ROM 332 , and one or more permanent mass storage devices, such as hard disk drive 328 , tape drive, optical drive, and/or floppy disk drive.
- the mass memory stores operating system 320 for controlling the operation of server device 300 . Any general-purpose operating system may be employed.
- server device 300 also can communicate with the Internet, or some other communications network, such as network 104 in FIG. 1 , via network interface unit 310 , which is constructed for use with various communication protocols including the TCP/IP protocol.
- Network interface unit 310 is sometimes known as a transceiver, transceiving device, or network interface card (NIC).
- Computer storage media may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
- Examples of computer storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computing device.
- Server device 300 may also include an SMTP handler application for transmitting and receiving e-mail, an HTTP handler application for receiving and handling HTTP requests, and an HTTPS handler application for handling secure connections.
- the HTTPS handler application may initiate communication with an external application in a secure fashion.
- Server device 300 also may include input/output interface 324 for communicating with external devices, such as a mouse, keyboard, scanner, or other input devices not shown in FIG. 3 .
- server device 300 may further include additional mass storage facilities such as CD-ROM/DVD-ROM drive 326 and hard disk drive 328 .
- Hard disk drive 328 may be utilized to store, among other things, application programs, databases, client device configuration information, policy, and the like.
- the mass memory also stores program code and data.
- One or more applications 350 are loaded into mass memory and run on operating system 320 . Examples of application programs may include, but are not limited to, transcoders, HTTP programs, and so forth.
- Mass storage may further include applications such as software detection manager (SDM) 352 .
- SDM 352 represents one embodiment of a publisher component.
- server device 300 may include other publishers, and/or subscribers, without departing from the scope or spirit of the invention.
- SDM 352 is configured to enable detection of tampering at, for example, a client device.
- SDM 352 monitors tampering of various software.
- software may include software for a virtual smart card (VSC), for example.
- the invention is not so limited, and SDM 352 may also monitor for hardware tampering, operating system tampering, screen scraping, attempts to inappropriately obtain media, or the like.
- SDM 352 may periodically download to a client device a publisher, and/or subscriber for use in detecting tampering and/or responding to tamper events.
- SDM 352 may also download a publisher and/or subscriber when an initial connection is established with the client device; based on some event, condition; or the like.
- SDM 352 includes subscriber 354 that is configured to receive results from the client device that are based on execution of one or more publishers on the client device. Subscriber 354 however, may also be implemented distinct from SDM 352 , rather than being integrated within it.
- Subscriber 354 may consume tamper event results that may be generated by one or more publishers, including, for example, SDM 352 , publishers residing on a client device, or the like.
- subscriber 354 may receive the tamper events over a network, from, for example, the client device. However, subscriber 354 may also receive the tamper events directly from a publisher, or from accessing a repository, such as repository 358 , or the like.
- subscriber 354 may also receive tamper events through a push mechanism from a mediator, such as mediator 356 .
- One embodiment of a mediator is described in more detail below in conjunction with FIG. 5 .
- subscriber 354 may also employ a pull mechanism to obtain tamper events, or even a combination of push/pull mechanisms, without departing from the scope of the invention.
- Subscriber 354 may apply business rules to the events it receives. Then, based, at least in part, on the business rules, subscriber 354 may perform various actions, including, but not limited to, inhibiting sending of media to the client device, sending a message to a media owner regarding the modification, or a variety of other actions.
- Selection of which of the above, or other, mechanisms to use for detecting a modification may be based on a variety of criteria, or the like. For example, in one embodiment, where the server device and client device are employing a one-way communication mechanism such that the client device might not be able to send information to the server device, then detection of tampering may be determined at the client device. Where the client device and server device are employing a two-way communication mechanism, then any of the above mechanisms may be employed. However, it is noted that other criteria for selecting the mechanism for detection may be used, without departing from the scope or spirit of the invention.
- FIG. 4 shows one embodiment of a virtual smart card that may be included in a system implementing the invention.
- Intrusion detection and protection agents can be applied at various points in a system employing a smart card. Typically some level of protection is provided as part of the software and/or hardware of the smart card. This is application level protection. Additionally application level detection can be hidden within the host set top box or point of deployment device. This protection can include agents that perform: In-circuit emulator detection, debugger detection, debugger resistance, memory space violation detection, and other application level piracy behavior detection. Host intrusion detect agents can also be deployed to identify intrusions from other systems on the host device.
- Some level of tamper resistance, detection, and response mechanisms may be provided by the hardware manufacturer. These hardware tamper mechanisms may allow for supplementation by software tamper protection methods.
- FIG. 5 shows a functional block diagram illustrating one embodiment of a general system overview using publishers and subscribers.
- FIG. 5 illustrates how one embodiment may perform its features and functions when used, for example, within a broadcast and iTV environment. For example, it may allow the use of secure content and processes in an un-trusted environment.
- the common solution is to create a trusted environment like a trusted operating system running on trusted hardware and the subsequent certification and registration of components, which operate in the trusted environment as trusted. If a component is not trusted it is not allowed to operate. This method reduces flexibility and may require control of all the variables in the environment.
- system 500 of FIG. 5 includes subscribers 503 and 508 , publishers 504 , and 506 - 507 , repository 504 , and an object manager (mediator) 502 .
- the subscribers 503 and 508 and publishers 504 , and 506 - 507 may be bound through a data association.
- the associations between components as well as the components themselves can be changed at run-time through the use of an authenticated and authorized process.
- the repository 504 which may be used to operate storage for logged tamper events, and/or the object manager (mediator) 502 , may reside in a client device, and/or a server device. Moreover, a portion of the repository 504 may be distributed across both a client device and a server device, without departing from the scope or spirit of the invention.
- Repository 504 may be configured to receive and manage tamper events.
- the tamper events may be structured as objects.
- Object manager (mediator) 502 may receive tamper events from one or more publishers 504 , and/or 506 - 507 , and publish the tamper events to repository 504 .
- Object manager (mediator) 502 may also use a push, and/or pull mechanism to provide the tamper events to one or more subscribers 503 and 508 .
- A variety of publishers may be implemented that can employ one or more of the tamper detection mechanisms, depending on the platform. It should be noted, however, that the following list of tamper detection mechanisms is not intended to be an exhaustive list of possible tamper event publishers, and other tamper detection mechanisms may be employed without departing from the scope of the invention.
- ICE Detection: This intrusion detection mechanism monitors the host environment, such as client devices 106 - 108 of FIG. 1 (or even server 102 of FIG. 1 ), for behaviors that could indicate the use of an in-circuit emulator.
- In-circuit emulators may be used to aid in the debugging, or reverse engineering of a system, such as client devices 106 - 108 , processes within client devices 106 - 108 , and/or CPUs or the like, within client devices 106 - 108 .
- the ICE detector monitors for a set of behaviors that are required in order for an ICE to function correctly. When these behaviors are detected appropriate action may be taken, including inhibiting additional actions by the host environment, sending a detection message, or the like.
- the ICE detection monitor may reside in a computing device and receive a signal from a secure clock and another signal from a system clock. The ICE detection monitor may then compare the signals and if a difference between the signals exceeds a predetermined threshold, the ICE detection monitor may issue a tamper event alert.
- the signals from the secure clock and system clock are received at the beginning and at the end of a streaming media session. If a difference between the signals exceeds the predetermined threshold, the system clock of the computing device has been tampered with, indicating a security breach.
- the ICE detection monitor publisher may then publish a tamper event that includes such information as the type of tampering detected, when it was detected, or the like.
- ICE detection monitor mechanisms may also be employed, including, but not limited to, those that may identify operating system command changes, or the like.
- Debugger Detection: This intrusion detection mechanism monitors the host environment for behaviors that could indicate the use of a debugger. This is one of the tools commonly used by “hackers” when attacking a secure system in order to gain access to content. There typically is a specific set of behaviors that are required in order for a debugger to function correctly. When these behaviors are detected, appropriate action is taken.
- Pattern Recognition and Decision Engine: The objective of this publisher component is to provide effective intrusion detection that can be implemented in or used with existing software to identify when normal behavior is being exhibited by the software. If this publisher component is able to detect normal behavior, then it can also detect abnormal behavior. When enough abnormal behavior has been detected, the methodology will provide feedback such that action can be taken. This mechanism obtains samples of important traits needed to monitor the software. In most cases, this equates to a select number of system level calls that access important resources like reading and writing to hard drives, memory, network resources, etc. When a piece of software is running, it may produce a stream of data identifying when important traits that are to be monitored are utilized. The component creates statistical information about the trends of the traits.
- the trends of the traits are compared to known good trends to determine if they are normal. If there is not enough data to determine the trend of the traits exhibited, the result will be that the behavior is unknown. If there is enough data to make a determination, then the result will be either normal or abnormal.
- the tamper detector may recognize difficult-to-determine semi-repetitious and quasi-chaotic patterns and behaviors. This is mostly applied to samples where the data is dynamic. In this case, a certain level of confidence is accumulated before the decision is made.
- a plurality of parameters may be selected that are associated with a process on the computing device of interest. Data may then be collected for the plurality of parameters. Delta events (a difference between event values) may be employed to generate fingerprints for at least a subset of processes on the computing device. An entropy may then be dynamically determined for the subset of processes, and if the determined entropy exceeds some value, unauthorized behavior may be said to be detected.
- One embodiment of a pattern recognition and decision engine component useable as a publisher to perform such actions is described in more detail in a co-pending U.S. patent application Ser. No.
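The delta-event and entropy decision described above, as an added example that is not code from the patent or the co-pending application. It assumes Shannon entropy over a histogram of bucketed deltas; the bucket width, threshold, minimum sample count, parameter names and traces are all constructed for illustration.

```python
import math
from collections import Counter


def delta_events(samples):
    """Differences between consecutive event values (the 'delta events')."""
    return [b - a for a, b in zip(samples, samples[1:])]


def fingerprint(deltas, bucket_width):
    """Histogram of bucketed deltas, used here as the per-parameter fingerprint."""
    return Counter(d // bucket_width for d in deltas)


def entropy_bits(histogram):
    """Shannon entropy of the histogram, in bits (an assumed entropy measure)."""
    total = sum(histogram.values())
    return sum(-(n / total) * math.log2(n / total) for n in histogram.values())


def classify_process(trace, bucket_width=10, threshold_bits=1.5, min_deltas=8):
    """trace maps parameter name -> cumulative counter samples for one process.

    Returns (verdict, {parameter: entropy}). The verdict is 'unknown' when any
    parameter has too few samples to establish a trend, 'abnormal' when the
    highest per-parameter entropy exceeds the threshold, and 'normal' otherwise.
    """
    entropies = {}
    if not trace:
        return "unknown", entropies
    for parameter, samples in trace.items():
        deltas = delta_events(samples)
        if len(deltas) < min_deltas:
            return "unknown", entropies
        entropies[parameter] = entropy_bits(fingerprint(deltas, bucket_width))
    verdict = "abnormal" if max(entropies.values()) > threshold_bits else "normal"
    return verdict, entropies


# Constructed traces: cumulative counts of monitored system-level calls.
STEADY = {
    "disk_read": [0, 12, 24, 36, 48, 60, 72, 84, 96],
    "net_recv": [0, 44, 88, 131, 176, 221, 264, 309, 353],
}
ERRATIC = {
    "disk_read": [0, 12, 24, 36, 48, 60, 72, 84, 96],
    "disk_write": [0, 3, 98, 110, 170, 420, 420, 453, 593],
}
TOO_SHORT = {"disk_read": [0, 12, 24]}


if __name__ == "__main__":
    for name, trace in [("steady", STEADY), ("erratic", ERRATIC), ("short", TOO_SHORT)]:
        print(name, classify_process(trace))
```

A publisher built on this would emit a tamper event only for the `abnormal` verdict and keep sampling on `unknown`.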
- An AIS tamper detector useable as a publisher may employ behavior analysis similar to the principle of a so-called Artificial Immune System (AIS).
- An AIS tamper detector is described in U.S. patent application Ser. No. 10/020,524, entitled “Method And Apparatus For Protection Of Electronic Media,” filed on Dec. 14, 2001, which is hereby incorporated by reference in its entirety.
- In the AIS tamper detector, a variety of detectors (e.g., sequences of different types of computer system calls) are sent to a client process and the responses are evaluated to detect the presence of an unauthorized software behavior on the client. For example, a comparison between the response and the detector may be performed according to a matching rule that is associated with the detector sent.
- Unauthorized behaviors include alteration of a client process as well as simultaneously running processes that might enable unauthorized copying of protected media.
- When a detector indicates unauthorized behavior, that detector may be distributed to other client processes, devices, or the like, to determine if the unauthorized behavior is detected on more than one client device, process, or the like.
- sequences of different types of computer system calls can be created to reflect known unauthorized patterns of behaviors, while in another embodiment, the sequences can be randomly generated to attempt to detect previously unseen behaviors.
- Debugger Immunity: This publisher component takes advantage of the architectural limits of software systems and immunizes against the use of debuggers. During immunization attempts, if the existence of a pre-existing debugger is detected then an intrusion is reported.
- This publisher component monitors the system for processes that are not permitted to execute.
- a list of “Forbidden Processes” is introduced to the publisher through business rules. In one embodiment, these rules may be updated at setup.
- the forbidden process publisher leverages process enumeration functionality of the operating system to compare the current operating set of applications and libraries against the list of those processes. This mechanism is typically employed with behavior-based methods, as “list based only” detection is easily defeated.
- This intrusion detection mechanism monitors the system for attempts to copy media from the screen, network stack or from the display subsystem using kernel events, graphical display interface (GDI) interceptors, and/or network stack elements.
- Trusted Time Master: This service provides a trusted (secure) time master for use by other publisher components or other authorized subscribers. This time master and its agents can be used to identify hacking attempts, maintain time sync of electronic program guides, or time sensitive security mechanisms (keys, passwords, etc.).
- Stealth Agents: The concept of stealth agents has been developed in order to hide certain security mechanisms within the open host computing environments. Normal monitoring applications are monolithic in nature and subject to static and dynamic attacks. Stealth agents may monitor for various abnormal actions, including, but not limited to performing operating system commands, attempts to install, remove, and/or modify an application, operating system component, or the like. If it is determined that an attack on the system is active then responses can range from reporting and logging the activity to actively attacking the offending modules or even shutting down the system in an orderly or catastrophic manner.
- Host Intrusion Detect: This mechanism may use many of the application level intrusion detection techniques described above in order to detect unwanted intrusions onto the host. In a video/audio environment where content protection post decryption is required, it may be undesirable to have someone using a second computer to remove the content and then steal the content on the second computer. This component looks for the behaviors common to remote access of video/audio content and takes appropriate action.
- the DCP Filter Graph Tamper Detector detects changes to the files that implement the filters in a VSC decryption/playback filter graph. To accommodate normal changes that occur during software upgrades, in one embodiment, a limited number of changes to the filters in the graph per time unit may be allowed. More frequent modifications, as would likely be observed during development of a hack attempt against the copy protection, may then be disallowed.
- a digital signature that includes, but is not limited to: file name, md5sum, modification time and file size, may be computed for each module in the graph. The Filter Graph Tamper Detector can determine that a filter has been modified by comparing the computed signature with its history of observed signatures.
- the history contains a time-stamped list of the unique digital signatures for each component.
- the detection sensitivity setting may, in one embodiment, be defined as a maximum number of allowed changes per some time unit. For example, two changes to each filter per day might be allowed.
- the detection sensitivity setting is configurable. Any time the change frequency exceeds the allowed level, an alert may be sent to a tamper event subscriber. In one embodiment, the alert is sent as a tamper event object that may include the unique digital signatures in the history. The information in this alert can be used to generate a “black-list” of filters that may be disallowed. In addition, decryption may be disabled or playback stopped when the change detection limit is exceeded.
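The signature history and change-rate limit described for the Filter Graph Tamper Detector, as an added example that is not the patent's implementation. The class and function names, the event field names, and the decision to count a revert to an earlier signature as a change are assumptions; the file name and contents in `demo()` are constructed.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """The four fields the text lists for each module in the graph."""
    name: str
    md5: str      # md5sum as named in the text; a new design would use SHA-256
    mtime: float
    size: int


def compute_signature(name, data, mtime):
    return Signature(name, hashlib.md5(data).hexdigest(), mtime, len(data))


class FilterGraphTamperDetector:
    def __init__(self, max_changes=2, window_seconds=86400):
        self.max_changes = max_changes      # sensitivity: allowed changes ...
        self.window = window_seconds        # ... per time unit (default one day)
        self.history = defaultdict(list)    # name -> [(first_seen, Signature)], unique
        self.changes = defaultdict(list)    # name -> timestamps of observed changes
        self.last = {}                      # name -> most recently observed Signature

    def observe(self, sig, now):
        """Record one observation of a filter file.

        Returns a tamper event (dict) when the change frequency exceeds the
        sensitivity setting, otherwise None.
        """
        previous = self.last.get(sig.name)
        self.last[sig.name] = sig
        if all(seen != sig for _, seen in self.history[sig.name]):
            self.history[sig.name].append((now, sig))
        if previous is None or previous == sig:
            return None                     # baseline observation or unchanged file
        # Assumption: flipping back to an older signature still counts as a
        # change, so alternating between two builds cannot evade the limit.
        self.changes[sig.name].append(now)
        recent = [t for t in self.changes[sig.name] if now - t < self.window]
        self.changes[sig.name] = recent     # forget changes outside the window
        if len(recent) <= self.max_changes:
            return None
        return {
            "type": "filter_graph_change_limit_exceeded",
            "component": sig.name,
            "detected_at": now,
            "changes_in_window": len(recent),
            "history": list(self.history[sig.name]),  # material for a black-list
        }


def demo():
    """Constructed observations of one filter: (time, contents, file mtime)."""
    detector = FilterGraphTamperDetector(max_changes=2, window_seconds=86400)
    observations = [
        (0, b"v1", 0.0),        # baseline
        (600, b"v1", 0.0),      # unchanged
        (3600, b"v2", 3600.0),  # change 1 (could be a normal upgrade)
        (7200, b"v3", 7200.0),  # change 2
        (9000, b"v2", 3600.0),  # change 3 within a day: a revert to v2
    ]
    return [
        detector.observe(compute_signature("decrypt_filter.ax", data, mtime), now)
        for now, data, mtime in observations
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A subscriber receiving the returned event can apply the responses listed above, such as disabling decryption or stopping playback.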
- a variety of subscribers may be implemented, depending on the platform. Subscribers ‘consume’ the above described tamper events and take action according to business rules, and/or other core rules. Such subscribers may reside within the Client Device, and/or a server device to perform various actions, including, but not limited to terminating a media stream; disabling decryption of a key and/or the media; terminating a ‘forbidden’ application, activity, or action; forcing a reboot of the tampered system; signaling a component such as hardware to perform a shutdown; reporting the tamper event, for example, to an external system, operator, or the like; or even disenfranchising a subscriber to the media, or the like.
- the invention may be constructed of components bound through associations; the functionality can be scaled up or down and be enhanced as required. This enables the ability to update small sections of code to address exploits and new business requirements.
- one embodiment may act and implement itself independently as a separate software module and does not intrude on or impair any applications, system or process activities. It simply watches what is going on at the security level. If a violation is detected then it intervenes at the system operations level to take necessary security measures as determined by business rules. They might include informing the user about a violation, informing the service operator about a violation, or a more aggressive response especially in the disconnected mode.
- FIG. 6 shows one embodiment of a general meta-model for use in practicing the invention.
- General meta-model 600 may be used to implement system 500 of FIG. 5 .
- the invention is not so limited, and other meta-models may be employed by the invention, without departing from the present scope or spirit of the invention.
- FIG. 7 shows one embodiment of a general schema for use in practicing the invention, in accordance with the invention. However, the invention may also employ other schemas.
- schema 700 includes event publisher 709 , and event consumer (subscriber) 710 , such as described above. Also shown, is one embodiment of a tamper event 703 that may include time information, a security descriptor, and the like. In one embodiment, root 702 provides further object oriented information about tamper event 703 , including a class, path, server information, or the like. As shown, tamper event 703 may be generated based on extrinsic events 704 , or aggregate events 705 . Extrinsic events 704 include, for example, those tamper events that may be generated by one or more event publishers. Aggregate events 705 include those tamper events that may be generated after a series of tamper events of various types have occurred.
- Intrinsic events 706 include, for example, those events that may be generated by the publisher/subscriber architecture, and include repository updates, system status, component updates, error conditions, or the like.
- FIG. 8 illustrates a flow diagram showing one embodiment of an overview process for detecting and preventing tampering events using a publisher/subscriber architecture, in accordance with the invention.
- Process 800 may be implemented within one or more components of FIG. 1 .
- publisher's actions may be implemented within one or more of clients 106 - 108 .
- subscriber's actions may be implemented within one or more of clients 106 - 108 , media provider 102 , or the like.
- one or more publishers and/or subscribers may be provided to one or more clients 106 - 108 .
- the one or more publishers and/or subscribers may be provided while media is also provided to the clients 106 - 108 , prior to providing the media, or the like.
- Process 800 of FIG. 8 then begins, after a start block, at block 802 where a subscriber, such as those described above, subscribes to receive tamper events.
- the subscriber may provide a message, signal, or the like, over a network, channel or the like, indicating its presence.
- the subscriber may register itself with publishers, a mediator, or the like.
- the subscriber may employ digital certificates, digital signatures, or the like, to identify itself, and to register for receipt of tamper events.
- the subscriber may have been registered prior to sending the subscriber to the client. However, registration may also be performed after the subscriber is on the client.
- the one or more publishers may also register themselves to the subscribers, a repository, and/or a mediator.
- the publishers may also employ digital certificates, digital signatures, or the like.
- communications may be performed over a secure channel, using any of a variety of encryption techniques.
- Processing flows next to block 804 where one or more publishers may perform various actions to monitor for a tamper event.
- tamper detection events include, but are not limited to those described above.
- Processing then flows to decision block 806 where a determination is made whether a tamper event is detected. If a tamper event is detected, processing flows to block 808 ; otherwise, processing may branch to decision block 814 , where a determination may be made whether to terminate subscribers. If subscribers are terminated, then the subscribers may be deleted. In one embodiment, the publishers may also be deleted. Such actions may occur, for example, when the media being protected no longer needs to be protected, for various reasons, no longer resides on, or is accessible to the client, or the like. Processing may return to a calling process to perform other actions. If subscribers are not to be terminated, then processing may loop back to block 804 to continue monitoring for tamper events.
- the publisher may publish the detected tamper event for access by one or more subscribers.
- Publication may include publishing an identifier of the tamper event, characteristics associated with the tamper event, such as a time the tampering is detected, a client component that is determined to be tampered with, actions by the component, the media that may be affected, or the like.
- the publication of the tamper event includes publishing the tamper event to a mediator that may then provide the tamper event to a repository, and/or to one or more subscribers.
- one or more subscribers may receive the tamper event.
- the tamper event is provided using a push mechanism.
- subscribers may actively seek out to determine if a tamper event exists, using a pull mechanism.
- the tamper event may be directed to a specific subscriber, such as a subscriber configured to perform a particular action.
- the tamper event may also be published to one or more publishers.
- the publishers may learn about the tamper event, seek to change their monitoring mechanism, look for related tamper detection, or the like.
- the publication may be sent to publishers on a client different from the publisher that detected the tamper event at block 804. By doing so, that other publisher may learn and perform monitoring for that specific tamper event, or even associated tamper events.
- processing continues to block 812, where a subscriber may perform one or more actions, based on various business rules, or the like, in response to the received tamper event. For example, the subscriber may perform service interruption, revocation of rights, renewal of keys associated with encryption of the media, or the like. Processing then flows to decision block 814, to perform actions as described above.
- each block of the flowchart illustration, and combinations of blocks in the flowchart illustration can be implemented by computer program instructions.
- These program instructions may be provided to a processor to produce a machine, such that the instructions, which execute on the processor, create means for implementing the actions specified in the flowchart block or blocks.
- the computer program instructions may be executed by a processor to cause a series of operational steps to be performed by the processor to produce a computer implemented process such that the instructions, which execute on the processor, provide steps for implementing the actions specified in the flowchart block or blocks.
- blocks of the flowchart illustration support combinations of means for performing the specified actions, combinations of steps for performing the specified actions and program instruction means for performing the specified actions. It will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified actions or steps, or combinations of special purpose hardware and computer instructions.
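The FIG. 8 flow described above (monitor at block 804, decide at 806, publish at 808, receive at 810, act at 812, terminate at 814) can be exercised end to end with the following added example, which is not code from the patent. The class names, event identifiers, business-rule table, client-state fields and the default action for events without a rule are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class TamperEvent:
    event_id: str                  # identifier of the tamper event
    component: str                 # client component determined to be tampered with
    media_id: str                  # media that may be affected
    detected_at: float = field(default_factory=time.time)
    target: Optional[str] = None   # one specific subscriber, or None for all


class Mediator:
    """Hypothetical mediator: keeps the repository and delivers events."""

    def __init__(self) -> None:
        self.repository: List[TamperEvent] = []
        self.push_subscribers: Dict[str, Callable[[TamperEvent], None]] = {}
        self.publishers: List["Publisher"] = []
        self._cursor: Dict[str, int] = {}   # next unread index per pull subscriber

    def publish(self, event: TamperEvent, source: "Publisher") -> None:
        self.repository.append(event)
        for name, deliver in list(self.push_subscribers.items()):  # push mechanism
            if event.target in (None, name):
                deliver(event)
        for publisher in self.publishers:   # other publishers learn of the event
            if publisher is not source:
                publisher.learn(event)

    def pull(self, name: str) -> List[TamperEvent]:   # pull mechanism
        start = self._cursor.get(name, 0)
        self._cursor[name] = len(self.repository)
        return [e for e in self.repository[start:] if e.target in (None, name)]

    def terminate(self) -> None:            # block 814: delete the subscribers
        self.push_subscribers.clear()
        self._cursor.clear()


class Publisher:
    """Runs detectors over a snapshot of client state (blocks 804 to 808)."""

    def __init__(self, name, mediator, detectors):
        self.name, self.mediator, self.detectors = name, mediator, detectors
        self.watchlist = set()              # event ids learned from other publishers
        mediator.publishers.append(self)

    def monitor(self, state: dict, media_id: str) -> List[TamperEvent]:
        found = []
        for event_id, detect in self.detectors.items():
            if detect(state):               # decision block 806
                event = TamperEvent(event_id, state["component"], media_id)
                self.mediator.publish(event, source=self)
                found.append(event)
        return found

    def learn(self, event: TamperEvent) -> None:
        self.watchlist.add(event.event_id)


class Subscriber:
    """Maps a received event to a response action via business rules (block 812)."""

    def __init__(self, name, rules, default="service_interruption"):
        self.name, self.rules, self.default = name, rules, default
        self.actions = []

    def handle(self, event: TamperEvent) -> None:
        # Assumption: an event with no matching rule gets the default action.
        action = self.rules.get(event.event_id, self.default)
        self.actions.append((event.event_id, event.media_id, action))


def demo():
    # Constructed scenario: one clean client-state snapshot, then a tampered one.
    mediator = Mediator()
    rules = {"debugger_attached": "key_renewal",
             "screen_scraper": "revocation_of_rights"}
    player, auditor = Subscriber("player", rules), Subscriber("auditor", rules)
    mediator.push_subscribers[player.name] = player.handle
    debugger = Publisher("debugger_detector", mediator,
                         {"debugger_attached": lambda s: s["debugger"]})
    graph = Publisher("filter_graph_detector", mediator,
                      {"filter_graph_changed": lambda s: s["filters"] != s["expected"]})
    expected = ["source", "decoder", "renderer"]
    clean = {"component": "decoder", "debugger": False,
             "filters": list(expected), "expected": expected}
    tampered = dict(clean, debugger=True,
                    filters=["source", "decoder", "tee", "renderer"])
    for state in (clean, tampered):
        debugger.monitor(state, "movie-1")
        graph.monitor(state, "movie-1")
    for event in mediator.pull(auditor.name):   # auditor polls instead of being pushed
        auditor.handle(event)
    return mediator, player, auditor, debugger, graph
```

The pushed subscriber and the polling subscriber end up with the same action list, and each publisher's watchlist holds the event the other one detected.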
Description
- The present application claims priority from provisional application Ser. No. 60/741,758 that is entitled “Tamper Prevention and Detection For Video Provided over a Network To a Client,” and filed on Dec. 2, 2005, the benefit of the earlier filing date of which is hereby claimed under 35 U.S.C. § 119 (e), and further incorporated by reference.
- The invention relates generally to computing security, and more particularly but not exclusively to protecting media ‘in the clear’ during a ‘digital hole’ from static and/or dynamic security attacks using a publisher/subscriber architecture.
- Broadcast television is a multi-billion dollar global market served by cable, satellite, and increasingly telecommunications companies. Broadcast television allows users to view content by tuning their television to scheduled programs or events. There is little personalization allowed. Enhanced and iTV allows far greater personalization of the TV viewing experience. Historically the security needs of the broadcast market were fulfilled by conditional access system (CAS) and more recently digital rights management (DRM) technologies.
- Over the last several years, cable operators, content owners, and consumer electronics companies have been innovating with the hope to expand the distribution of entertainment beyond the set top box found in millions of homes. In the cable industry today there is a major focus on developing products to allow the expansion of the authorized video service domain to encompass multiple devices throughout the home.
- Consumer electronic companies continue to innovate rapidly taking advantage of internet protocols used in home networks to move entertainment content.
- Concerns over protection of the operator's revenue streams and intellectual property rights of the content owner have slowed progress towards these goals. So much so, that numerous “digital” home security initiatives have been born. Many of these initiatives involve bridging from one link level security control to another or perhaps to a proprietary digital rights management scheme. Many of these initiatives rely on the assumption of trust between the devices and manufacturers. In a world of rapid change, this has led to a large amount of confusion and questions around the actual content security achieved, resulting in an unrealized vision.
- At the same time content delivery to the authorized service domain (such as the home) has been steadily moving to a video distribution network that is largely dependent on IP based infrastructure. Video over DSL or Fiber is described as the delivery of quality MPEG video services and “on-demand” content to either an access network or to the consumer premise using a Fiber or copper infrastructure. This infrastructure often uses the same physical and transport protocols that are common to a computer network similar to what is found in the home or a typical business enterprise.
- Internet Protocol TeleVision (IPTV) has matured from small Telco trials since approximately the 2001 time frame into a viable and growing market with large scale deployments today. Early stage projects were often conducted without basic security mechanisms due to the size of the trials and the belief that addressability was security enough. However, recently content owners (broadcasters and studios) began enforcing the same security requirements that have been required in the MSO for years. This renewed focus on IPTV security has led to innovations that may be tapped in order to expand the authorized service domain for video into any domain readily available to the telecommunications industry (the home, the office and the mobile consumer, wherever they may roam). This includes expansion beyond the Set Top Box (STB) to personal computers, portable players, mobile phones, audio/video systems in cars and into other consumer electronic devices.
- In order for this expanded domain to be successful, the media is expected to be secure no matter how or where it may travel; moreover, it may be desirable to have available various payment models for the media. Therefore, it is with respect to these considerations, and others, that the present invention has been made.
- Non-limiting and non-exhaustive embodiments of the invention are described with reference to the following drawings. In the drawings, like reference numerals refer to like parts throughout the various figures unless otherwise specified.
- For a better understanding of the invention, reference will be made to the following Detailed Description of the Invention, which is to be read in association with the accompanying drawings, wherein:
- FIG. 1 shows a functional block diagram illustrating one embodiment of an environment for practicing the invention;
- FIG. 2 shows one embodiment of a client device that may be included in a system implementing the invention;
- FIG. 3 shows one embodiment of a server device that may be included in a system implementing the invention;
- FIG. 4 shows one embodiment of a virtual smart card;
- FIG. 5 shows a functional block diagram illustrating one embodiment of a general system overview of the invention;
- FIG. 6 shows one embodiment of a general meta-model for use in practicing the invention;
- FIG. 7 shows one embodiment of a general schema for use in practicing the invention; and
- FIG. 8 illustrates a flow diagram showing one embodiment of an overview process for detecting and preventing tampering events using a publisher/subscriber architecture, in accordance with the invention.
- The invention now will be described more fully hereinafter with reference to the accompanying drawings, which form a part hereof, and which show, by way of illustration, specific exemplary embodiments by which the invention may be practiced. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Among other things, the invention may be embodied as methods or devices. Accordingly, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. The following detailed description is, therefore, not to be taken in a limiting sense.
- Throughout the specification and claims, the following terms take the meanings explicitly associated herein, unless the context clearly dictates otherwise. The phrase “in one embodiment” as used herein does not necessarily refer to the same embodiment, though it may. Nor does the phrase “in another embodiment” necessarily refer to a different embodiment, although it may. As used herein, the term “or” is an inclusive “or” operator, and is equivalent to the term “and/or,” unless the context clearly dictates otherwise. The term “based on” is not exclusive and allows for being based on additional factors not described, unless the context clearly dictates otherwise. In addition, throughout the specification, the meaning of “a,” “an,” and “the” include plural references. The meaning of “in” includes “in” and “on.”
- Moreover, AES refers to Advanced Encryption Standard. Authentication refers to proving a component, device, person, or other entity is who/what they claim to be. Authentication is often treated as synonymous with identity. Authentication answers the question: Is this really Brian?
- Authorization (Access Control) refers to answering the question of what operations an entity is entitled to perform. Authorization answers the question: Does Brian (a fictional valid user) have permission to access that data?
- CAS or Conditional Access System, or simply Conditional Access (CA) includes technologies used to control access to digital television services, or the like, to authorized users by encrypting the transmitted programming. A CA system provider may supply the equipment and software to the broadcaster who then integrates the CA system into his equipment. CA may not be designed solely for TV. It can be used for digital radio broadcasts, digital data broadcasts and non-broadcast information and interactive services.
- VSC (Virtual Smart Card) is the client-side component of the invention responsible for entitlement management message processing, fingerprinting, and decryption.
- DRM—Digital Rights Management is an alternative method for protecting media from theft. CAS is targeted at allowing or denying access to media streaming from an operator's service. A DRM system on the other hand, protects the content itself so that mere access to the content does not make the content viewable or usable. A DRM system normally provides content protection by encrypting the content. Once encrypted the content can then be distributed at will. A license file is issued to enable the user to play the content (either together with the content or when a user tries to play the clip). The content is encrypted only once and the encryption properties persist as the content travels between networks and on storage devices.
- ECM or Entitlement Control Messages are encrypted data that contains access constraints and content keys. EMM or Entitlement Management Messages are encrypted data that contains entitlements and content keys.
- A fingerprint uniquely identifies a client or server computer in the context of a system. A Fingerprint is made up of a number of elements specific to each fingerprint. These are hereafter called Ridges. Each Ridge is an element of a fingerprint that provides information to the fingerprint making it unique from other fingerprints. Some examples of Ridges are hardware serial numbers, operating system version numbers, internet protocol address, and physical memory size. Each Ridge added to a Fingerprint refines the identity of the system until it can be uniquely identified within a system. The combinations of the Fingerprints create the Handprint or System Fingerprint that uniquely identifies the personal computer, server, set top box or device within the system. The order of each of the fingerprint groups and individual Ridges affects the resulting Fingerprint and Handprint. This feature means that each user of the Fingerprint technology can generate a unique fingerprint and subsequent Handprint even though the core Ridge information being utilized is the same. Fingerprinting is typically done in systems where device identity is inherently weak.
- The term “ICE” refers to In-Circuit Emulators. The ICE chip emulator is configured to replace a given CPU with an emulated CPU and to take over control for and emulate the existing processes.
- Integrity refers to the process of ensuring that the content of a message or a store has not been changed.
- Intrusion Detection includes the process of detecting situations, which violate the security policy and other protections. This involves any number of tamper detection mechanisms. Intrusion Detection identifies situations like: Brian (a fictional valid user) is attempting to perform an unauthorized action.
- iTV or Interactive television includes multicast and unicast services like video-on-demand and personal video recorders.
- Non-Repudiation: The standard approach to non-repudiation is the use of two distinct keys. One key is escrowed, and is used for non-signing functions. The second key, without a recovery mechanism, is utilized for signing. In such a model, where the user is in sole control of the signing key, non-repudiation is achieved by means of a sole owned yet verifiable secret. In cases where signing validity is critical, a separate key will need to be issued, and said key will need to be the sole owned yet verifiable secret of the key holder. In any other case, the key holder could refuse the validity of the signature based on the ability of a sufficiently privileged person to replicate the secret key.
- Privacy (Confidentiality) involves keeping communication or storage of information secret. This is typically performed using encryption.
- Rapid Renewal refers to a renewal performed in hours as opposed to months. Renewal refers to a process of providing key generation and provisioning new keys or new security mechanisms to the consumer premise device.
- Secure Message Manager provides a secure medium for message exchange. It interacts with other components as required to ensure that mutual authentication of the end parties is accomplished and privacy of the messages is maintained.
- Timeliness refers to a measure of validity of data. Timeliness involves protecting against replay attacks. Is this entitlement a valid entitlement in time or order?
- Briefly stated, the invention is directed towards a system, apparatus, and method for providing digital copy protection of media using a subscriber/publisher architecture. In one embodiment, various publishers provide the protection during a digital hole, where a digital hole represents a time between a decryption and rendering of the media such that the media is ‘in the clear,’ exposed, and/or unencrypted. The protection may be against static as well as dynamic attacks to the media. The publishers may employ any of a wide variety of techniques of dynamic and/or static tamper detection, including, but not limited to ICE detectors, behavior analyzers, filter graph change detectors, screen scraping detectors, debugger detectors, pattern recognizers, trusted time masters, or the like. When a tampering event is detected by one or more of the publishers, the tamper event may be published to a repository. In one embodiment, the tamper event is published as an object in the repository. Various subscribers may subscribe to the repository. In one embodiment, published tamper events may be pushed to the subscribers. In one embodiment, an object manager or mediator may be employed to manage the repository by receiving tamper events, publishing them to the repository, and pushing the tamper event objects out to subscribers. When a subscriber receives the tamper event, the subscriber may perform one or more tamper response actions according to various business rules, and/or other core rules. In one embodiment, the communications between subscribers, publishers, the repository, mediator, or the like, are encrypted, using any of a variety of encryption mechanisms, including but not limited to Advanced Encryption Standard (AES), Data Encryption Standard (DES), or the like. In one embodiment, the communications are over a secure channel, such as Secure Socket Layer (SSL), Transport Layer Security (TLS), or the like.
- In one embodiment, the invention may be deployed as an n-tier distributed self-monitoring system with publishers and subscribers. What this means is that the components are distributed across the enterprise as required and they monitor each other to ensure healthy operational characteristics. That is, in one embodiment, one or more publishers may further monitor one or more other publishers, and or subscribers to ensure that they are not tampered with.
- Moreover, the invention is configured to prevent users from purchasing a movie, program, or other media, and recording it for redistribution. In one embodiment, the invention includes a software component that may integrate seamlessly with a VSC client.
- The invention provides tamper evidence, intrusion detection and a tamper monitoring capability for open or semi-open client environments. It prevents data packets from being captured by network stack hacking techniques, screen-scraping and VCR like utilities, in-circuit emulators (hardware or software), and other common hacking tools. There are several lines of defense against hack attempts including both active and passive measures to monitor for hacking tools and the behavior characteristics the tools exhibit. Responses to detected hack attempts are based on business rules associated with content or the service and include service interruption, revocation, key renewal, or more aggressive responses.
- Features of the invention include, but are not limited to, providing rule-based copy protection (detection, resistance, and response); providing selectable Client Device digital output control; enabling removable media protection; providing tamper response that can be integrated with hardware tamper detection; enabling protection against debuggers & In-Circuit emulators; providing remote access, digital recorder and screen scraper protection. When combined with an application level persistent encryption, digital output may remain encrypted.
- For a conditional access system or a DRM to be considered secure it is expected to have the following characteristics: Privacy (Confidentiality), Integrity, Timeliness, Access Control (Authorization), and Authentication (Identity). Thus one embodiment of the invention is directed towards integrity.
- Typically, when a hacker tries to compromise the media provider's intellectual property, he may utilize several different methods to achieve this goal. Regardless of the exploit used, the results of many hacking activities are nearly identical and can be generalized as follows: locating, capturing, and organizing the output files and/or streams so that they can be posted on the Internet and/or a P2P network at any time.
- A common way that the hacker uses to hack a Client Device is from the inside. In this case, they may use special tools similar to the screen scrapers or stream scrapers (stream recorders) that they have installed on the PC or STB. Another common way is hacking the computer or the CPU from the outside by using special tools such as VNC or PC Anywhere. Yet another common way is to hack the computer or the CPU by using special tools similar to the Terminal Services. Moreover, still another way is to obtain access to the software and/or hardware that controls digital media and make the necessary changes.
- In spite of the available exploits, it is still possible to find a practical, single non-hardware solution based on the static and dynamic analysis related to specific system events and outputs that are a direct result of the exploits. The results obtained from such analysis could be used for Digital Copy Protection (DCP).
- Thus, the invention may analyze the static and dynamic behaviors of a system and the existing processes on a consumer device. This process of behavior analysis is similar to the principle of the so-called Artificial Immune System (AIS). AIS has some similarities in recognition mechanisms to the Human Immune System, which can classify a number of events that happen to the human body as “Self” or “Non-self.” The process of behavior analysis has certain similarities to the Authentication System as well. The concept behind the invention supposes that the behavior of a “normal” system and its processes is different from the behavior of an “abnormal” system and its processes. Identifying these differences then enables the invention to perform a proper analysis of the data and take security measures based on business rules.
- Illustrative Environment
- FIG. 1 shows a functional block diagram illustrating one embodiment of operating environment 100 in which the invention may be implemented. Operating environment 100 is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality of the present invention. Thus, other well-known environments and configurations may be employed without departing from the scope or spirit of the present invention.
- As shown in the figure, operating environment 100 includes media provider 102, network 104, and clients 106-108. Network 104 is in communication with media provider 102 and clients 106-108.
- One embodiment of media provider 102 is described in more detail below in conjunction with FIG. 3. Briefly, however, media provider 102 includes computing devices configured for use by producers, developers, and owners of media that can be distributed to client devices 106-108. Such media, includes, but is not limited to motion pictures, movies, videos, music, PPV, VoD, interactive media, audios, still images, text, graphics, and other forms of digital media directed towards a user of a Client Device, such as Client Devices 106-108. Media provider 102 may also include businesses, systems, and the like that obtain rights from a media owner to copy and distribute the media. Media provider 102 may obtain the rights to copy and distribute from one or more media owners. Media provider 102 may repackage, store, and schedule media for subsequent sale, distribution, and license to other media providers, users of client devices 106-108, and the like.
- Media provider 102 may also be configured to provide at least a portion of copy protection functionality using publishers, subscribers, or the like. For example, in one embodiment, media provider 102 may provide to client devices 106-108 a publisher component configured to monitor for various tampering actions on the client device. In one embodiment media provider 102 may also provide one or more subscribers to client devices 106-108 for use in consuming tamper events that may be generated by one or more of the publishers. The subscriber provided may then apply various business rules to determine an appropriate action, including sending a message, terminating access to media, or the like. Moreover, in one embodiment, media provider 102, or another server (not shown) may also provide VSC software.
- Although illustrated as employing network 104 to communicate media to client devices 106-108, the invention is not so limited. For example media provider 102 may employ virtually any mechanism to communicate media, including, but not limited to a data communications line, virtually any storage device, including a CD, a DVD, floppy diskette, magnetic tape, and the like. The media may be encrypted using any of a variety of encryption techniques. Similarly, the media may also be unencrypted.
- Devices that may operate as media provider 102 include personal computers, desktop computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, servers, and the like.
- Network 104 is configured to couple one computing device to another computing device to enable them to communicate. Network 104 is enabled to employ any form of computer readable media for communicating information from one electronic device to another. Also, network 104 may include a wireless interface, and/or a wired interface, such as the Internet, in addition to local area networks (LANs), wide area networks (WANs), direct connections, such as through a universal serial bus (USB) port, other forms of computer-readable media, or any combination thereof. On an interconnected set of LANs, including those based on differing architectures and protocols, a router acts as a link between LANs, enabling messages to be sent from one to another. Also, communication links within LANs typically include twisted wire pair or coaxial cable, while communication links between networks may utilize analog telephone lines, full or fractional dedicated digital lines including T1, T2, T3, and T4, Integrated Services Digital Networks (ISDNs), Digital Subscriber Lines (DSLs), wireless links including satellite links, or other communications links known to those skilled in the art. Furthermore, remote computers and other related electronic devices could be remotely connected to either LANs or WANs via a modem and temporary telephone link. In essence, network 104 includes any communication method by which information may travel between Client Devices 106-108 and media provider 102.
- The media used to transmit information in communication links as described above illustrates one type of computer-readable media, namely communication media. Generally, computer-readable media includes any media that can be accessed by a computing device. Computer-readable media may include computer storage media, communication media, or any combination thereof.
- Additionally, communication media typically embodies computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, data signal, or other transport mechanism and includes any information delivery media. The terms “modulated data signal,” and “carrier-wave signal” includes a signal that has one or more of its characteristics set or changed in such a manner as to encode information, instructions, data, and the like, in the signal. By way of example, communication media includes wired media such as twisted pair, coaxial cable, fiber optics, wave guides, and other wired media and wireless media such as acoustic, RF, infrared, and other wireless media.
- Client Devices 106-108 may include virtually any computing device capable of receiving media over a network, such as network 104, from another computing device, such as media provider 102. Client Devices 106-108 may also include any device capable of receiving the media employing other mechanisms, including, but not limited to CDs, DVDs, tape, electronic memory devices, and the like. The set of such devices may include devices that typically connect using a wired communications medium such as personal computers, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, and the like. The set of such devices may also include devices that typically connect using a wireless communications medium such as cell phones, smart phones, pagers, walkie talkies, radio frequency (RF) devices, infrared (IR) devices, CBs, integrated devices combining one or more of the preceding devices, and the like. Client Devices 106-108 may also be any device that is capable of connecting using a wired or wireless communication medium such as a Personal Digital Assistant (PDA), POCKET PC, wearable computer, and any other device that is equipped to communicate over a wired and/or wireless communication medium to receive and play content. Similarly, Client Devices 106-108 may employ any of a variety of devices to enjoy such content, including, but not limited to, a computer display system, an audio system, a jukebox, set top box (STB), a television, video display device, IPTV, or the like. Client Devices 106-108 may be implemented employing a client device such as described in more detail below, in conjunction with FIG. 2.
- Client Devices 106-108 may include a client that is configured to enable an end-user to receive media and to play the received content. The client may also provide other actions, including, but not limited to, enabling other components of the client device to execute, enable an interface with another component, device, the end-user, and the like.
- Client Devices 106-108 may further receive a publisher component, or the like, that is configured to monitor a characteristic of a behavior of the client device, and when a behavior is determined to be an abnormal (bad or unauthorized) behavior, the publisher component may enable an action such as through a subscriber component, or the like, to protect the media from a potentially unauthorized action. Such actions may include any of a variety of predetermined actions based on a policy, a rule, or the like, including turning off a network connection, turning off one or more processes, destroying or otherwise inhibiting access to content, providing a message to an end-user of the computing device, an owner of the content, or the like.
- Moreover, Client Devices 106-108 may also receive other publisher and/or subscriber components useable to monitor components within client devices 106-108 and detect evidence of tampering actions. When such evidence is detected the publisher components may publish information associated with the detected events. In one embodiment, the published information is encrypted using such as AES, DES, or any of a variety of other encryption mechanisms.
- In one embodiment, in
system 100 an operator may remain responsible for authorizing consumption of the media throughout an authorized service domain, such as described inFIG. 1 . This is possible beyond the traditional walls of the home because of the reach of operators today via land lines, mobile phones, wireless, wired internet or disconnected mediums, or the like. This enables at least some of the actions performed by the subscribers to be performed at a server, such asserver 102. Moreover, insystem 100 the consumer may be an authorized subscriber of services from the operator, even where one of the services is the delivery of IPTV not only to the home, but beyond. - Illustrative Client Device
-
FIG. 2 shows one embodiment of a computing device, according to one embodiment of the invention.Client Device 200 may include many more components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention.Client Device 200 may represent, for example, Client Devices 106-108 ofFIG. 1 . -
Client Device 200 includesprocessing unit 212,video display adapter 214, and a mass memory, each in communication with each other viabus 222. The mass memory generally includesRAM 216,ROM 232, and one or more permanent mass storage devices, such ashard disk drive 228, tape drive, optical drive, and/or floppy disk drive. The mass memorystores operating system 220 for controlling the operation ofClient Device 200. Any general-purpose operating system may be employed. Basic input/output system (“BIOS”) 218 is also provided for controlling the low-level operation ofclient device 200. As illustrated inFIG. 2 ,Client Device 200 also can communicate with the Internet, or some other communications network, such asnetwork 104 inFIG. 1 , vianetwork interface unit 210, which is constructed for use with various communication protocols including the TCP/IP protocol.Network interface unit 210 is sometimes known as a transceiver, transceiving device, or network interface card (NIC). - The mass memory as described above illustrates another type of computer-readable media, namely computer storage media. Computer storage media may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. Examples of computer storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computing device.
-
Client Device 200 may also include an SMTP handler application for transmitting and receiving e-mail, an HTTP handler application for receiving and handling HTTP requests, and an HTTPS handler application for handling secure connections. The HTTPS handler application may initiate communication with an external application in a secure fashion.
- Client Device 200 may also include input/output interface 224 for communicating with external devices, such as a hand-held remote control device, mouse, keyboard, scanner, or other input devices not shown in FIG. 2. Likewise, client device 200 may further include additional mass storage facilities such as CD-ROM/DVD-ROM drive 226 and hard disk drive 228. Hard disk drive 228 may be utilized to store, among other things, application programs, databases, client device configuration information, policy, and the like.
- The mass memory also stores program code and data. One or more applications 250 are loaded into mass memory and run on operating system 220. Examples of application programs may include, but are not limited to, transcoders, schedulers, calendars, database programs, word processing programs, HTTP programs, audio players, video players, VoD players, decoders, decrypters, PPV players, interface programs to an STB, interface programs to a television, video camera, and so forth. Mass storage may further include applications such as VSC 254, publisher 256, and subscriber 252, each of which may be downloaded from another computing device, such as server 102 of FIG. 1. Although only a single publisher and subscriber are illustrated, the invention is not so limited and more or fewer publishers and/or subscribers may also be employed.
- VSC 254 includes computer-executable code, static data, and the like, that is configured to enable content protection similar to physical smart card approaches. However, unlike the physical smart card approaches, VSC 254 is configured as software that may be downloaded to enable changes in security solutions to be implemented rapidly (in seconds, minutes, or hours) at relatively low costs. This is in stark contrast to physical smart card approaches that often require new hardware to be generated and distributed. Such physical approaches typically are made available as updates about once or twice a year.
- Typical VSC 254 software may include various components including secure stores, fingerprinting modules, secure message managers, entitlement managers, key generators, digital copy protection engines, and the like. VSC 254, and its components, may be configured to enable protection of received content. In one embodiment, VSC 254 may be configured, in part, to employ the results of a publisher to generate a decryption key for use in decrypting received content. In another embodiment, VSC 254 may receive the decryption key from another device, or component, such as subscriber 252.
- VSC 254 and its components may be represented by a sequence of binary data residing in mass memory. In one embodiment, the sequence of binary data representing VSC 254 includes the software to be evaluated. However, the invention is not so limited, and virtually any software may be evaluated. One example embodiment of VSC 254 is shown in FIG. 4. Moreover, one or more publishers and/or subscribers may also reside within VSC 254.
- Publisher 256 may include a mix of platform specific tamper monitor components and tamper rule engines that look for evidence of tampering actions. Such actions include, but are not limited to, modifying code, such as an application, screen scraping, or similar types of hacking, whether the hacking is static and/or dynamic in nature. Examples of publishers 256 are described further below. The publisher 256's components directly leverage the functionality of tamper detection hardware as well as applying software tamper detection, and/or other tamper evidence rules to the executing context. If evidence of tampering is detected by one or more publishers 256, publisher 256 securely “publishes” tamper events. In one embodiment, publisher 256 may publish the tamper events as objects to a repository. In one embodiment, the repository may reside on a server, such as server 102 of FIG. 1. In one embodiment, one or more publishers 256 may reside within a client device such as client devices 106-108 of FIG. 1, and/or a server device such as server 102 of FIG. 1.
- Subscriber 252 registers to “consume” the tamper events generated by one or more of the publishers 256. The subscriber clients then apply specific business rules to the events they receive. These types of rules range from simply logging events to initiating defensive action. In one embodiment, one or more subscribers 252 may reside within a client device such as client devices 106-108 of FIG. 1, and/or a server device such as server 102 of FIG. 1.
- Illustrative Server Device
-
FIG. 3 shows one embodiment of a computing device, according to one embodiment of the invention. Server device 300 may include many more or fewer components than those shown. The components shown, however, are sufficient to disclose an illustrative embodiment for practicing the invention. Server device 300 may represent, for example, server 102 of FIG. 1.
- Server device 300 includes processing unit 312, a mass memory, and may include a video display adapter 314, all in communication with each other via bus 322. The mass memory generally includes RAM 316, ROM 332, and one or more permanent mass storage devices, such as hard disk drive 328, tape drive, optical drive, and/or floppy disk drive. The mass memory stores operating system 320 for controlling the operation of server device 300. Any general-purpose operating system may be employed. Basic input/output system (“BIOS”) 318 is also provided for controlling the low-level operation of server device 300. As illustrated in FIG. 3, server device 300 also can communicate with the Internet, or some other communications network, such as network 104 in FIG. 1, via network interface unit 310, which is constructed for use with various communication protocols including the TCP/IP protocol. Network interface unit 310 is sometimes known as a transceiver, transceiving device, or network interface card (NIC).
- The mass memory as described above illustrates another type of computer-readable media, namely computer storage media. Computer storage media may include volatile, nonvolatile, removable, and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. Examples of computer storage media include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computing device.
-
Server device 300 may also include an SMTP handler application for transmitting and receiving e-mail, an HTTP handler application for receiving and handling HTTP requests, and an HTTPS handler application for handling secure connections. The HTTPS handler application may initiate communication with an external application in a secure fashion.
- Server device 300 also may include input/output interface 324 for communicating with external devices, such as a mouse, keyboard, scanner, or other input devices not shown in FIG. 3. Likewise, server device 300 may further include additional mass storage facilities such as CD-ROM/DVD-ROM drive 326 and hard disk drive 328. Hard disk drive 328 may be utilized to store, among other things, application programs, databases, client device configuration information, policy, and the like.
- The mass memory also stores program code and data. One or more applications 350 are loaded into mass memory and run on operating system 320. Examples of application programs may include, but are not limited to, transcoders, HTTP programs, and so forth. Mass storage may further include applications such as software detection manager (SDM) 352. SDM 352 represents one embodiment of a publisher component. Moreover, although not illustrated, server device 300 may include other publishers, and/or subscribers, without departing from the scope or spirit of the invention.
- SDM 352 is configured to enable detection of tampering at a device, such as a client device. In one embodiment, SDM 352 monitors tampering of various software. Such software may include software for a virtual smart card (VSC), for example. However, the invention is not so limited, and SDM 352 may also monitor for hardware tampering, operating system tampering, screen scraping, attempts to inappropriately obtain media, or the like. SDM 352 may periodically download to a client device a publisher, and/or subscriber for use in detecting tampering and/or responding to tamper events. SDM 352 may also download a publisher and/or subscriber when an initial connection is established with the client device, based on some event or condition, or the like.
- In one embodiment, SDM 352 includes subscriber 354 that is configured to receive results from the client device that are based on execution of one or more publishers on the client device. Subscriber 354, however, may also be implemented distinct from SDM 352, rather than being integrated within it.
- Subscriber 354 may consume tamper event results that may be generated by one or more publishers, such as SDM 352, publishers residing on a client device, or the like. In one embodiment, subscriber 354 may receive the tamper events over a network, from, for example, the client device. However, subscriber 354 may also receive the tamper events directly from a publisher, or from accessing a repository, such as repository 358, or the like. In one embodiment, subscriber 354 may also receive tamper events through a push mechanism from a mediator, such as mediator 356. One embodiment of a mediator is described in more detail below in conjunction with FIG. 5. Moreover, subscriber 354 may also employ a pull mechanism to obtain tamper events, or even a combination of push/pull mechanisms, without departing from the scope of the invention.
- Subscriber 354 may apply business rules to the events it receives. Then, based, at least in part, on the business rules, subscriber 354 may perform various actions, including, but not limited to, inhibiting sending of media to the client device, sending a message to a media owner regarding the modification, or a variety of other actions.
- Selection of which of the above, or other, mechanisms to use for detecting a modification may be based on a variety of criteria, or the like. For example, in one embodiment, where the server device and client device are employing a one-way communication mechanism such that the client device might not be able to send information to the server device, then detection of tampering may be determined at the client device. Where the client device and server device are employing a two-way communication mechanism, then any of the above mechanisms may be employed. However, it is noted that other criteria for selecting the mechanism for detection may be used, without departing from the scope or spirit of the invention.
-
FIG. 4 shows one embodiment of a virtual smart card that may be included in a system implementing the invention. When the virtual smart card is combined with the tamper detection technology of one embodiment, the virtual smart card becomes a highly secure mechanism. Intrusion detection and protection agents can be applied at various points in a system employing a smart card. Typically, some level of protection is provided as part of the software and/or hardware of the smart card. This is application level protection. Additionally, application level detection can be hidden within the host set top box or point of deployment device. This protection can include agents that perform in-circuit emulator detection, debugger detection, debugger resistance, memory space violation detection, and other application level piracy behavior detection. Host intrusion detect agents can also be deployed to identify intrusions from other systems on the host device. In an iTV environment it is possible to deploy intrusion detection within the network to monitor for cloning of virtual smart cards and to provide trusted time preventing replay attacks. Finally, in an iTV environment, where transactions are registered in the head end databases for immediate billing, the risk can be significantly diminished.
- Some level of tamper resistance, detection, and response mechanisms may be provided by the hardware manufacturer. These hardware tamper mechanisms may allow for supplementation by software tamper protection methods.
-
FIG. 5 shows a functional block diagram illustrating one embodiment of a general system overview using publishers and subscribers. FIG. 5 illustrates how one embodiment may perform its features and functions when used, for example, within a broadcast and iTV environment. For example, it may allow the use of secure content and processes in an un-trusted environment. The common solution is to create a trusted environment like a trusted operating system running on trusted hardware and the subsequent certification and registration of components, which operate in the trusted environment as trusted. If a component is not trusted it is not allowed to operate. This method reduces flexibility and may require control of all the variables in the environment.
- As shown, system 500 of FIG. 5 includes subscribers, publishers 504, and 506-507, repository 504, and an object manager (mediator) 502. The subscribers and publishers 504, and 506-507 may be bound through a data association. The associations between components as well as the components themselves can be changed at run-time through the use of an authenticated and authorized process.
- In addition, the repository 504, which may be used to operate storage for logged tamper events, and/or the object manager (mediator) 502, may reside in a client device, and/or a server device. Moreover, a portion of the repository 504 may be distributed across both a client device and a server device, without departing from the scope or spirit of the invention.
- Repository 504 may be configured to receive and manage tamper events. In one embodiment, the tamper events may be structured as objects. Object manager (mediator) 502 may receive tamper events from one or more publishers 504, and/or 506-507, and publish the tamper events to repository 504. Object manager (mediator) 502 may also use a push, and/or pull mechanism to provide the tamper events to one or more subscribers.
- Tamper Event Publishers
- A variety of publishers may be implemented that can employ one or more of the tamper detection mechanisms, depending on the platform. It should be noted, however, that the following list of tamper detection mechanisms is not intended to be an exhaustive list of possible tamper event publishers, and other tamper detection mechanisms may be employed without departing from the scope of the invention.
- ICE Detection: This intrusion detection mechanism monitors the host environment, such as client devices 106-108 of FIG. 1 (or even server 102 of FIG. 1), for behaviors that could indicate the use of an in-circuit emulator. In-circuit emulators may be used to aid in the debugging, or reverse engineering of a system, such as client devices 106-108, processes within client devices 106-108, and/or CPUs or the like, within client devices 106-108. This is one of the tools commonly used by “hackers” when attacking a secure system in order to gain access to content, the host environment's processes, or the like. The ICE detector monitors for a set of behaviors that are required in order for an ICE to function correctly. When these behaviors are detected, appropriate action may be taken, including inhibiting additional actions by the host environment, sending a detection message, or the like.
- In one embodiment, for example, the ICE detection monitor may reside in a computing device and receive a signal from a secure clock and another signal from a system clock. The ICE detection monitor may then compare the signals and, if a difference between the signals exceeds a predetermined threshold, the ICE detection monitor may issue a tamper event alert. In another embodiment, the signals from the secure clock and system clock are received at the beginning and at the end of a streaming media session. If a difference between the signals exceeds the predetermined threshold, the system clock of the computing device has been tampered with, indicating a security breach. The ICE detection monitor publisher may then publish a tamper event that includes such information as the type of tampering detected, when it was detected, or the like.
- It should be noted, however, that other ICE detection monitor mechanisms may also be employed, including, but not limited to, those that may identify operating system command changes, or the like.
- Debugger Detection: This intrusion detection mechanism monitors the host environment for behaviors that could indicate the use of a debugger. This is one of the tools commonly used by “hackers” when attacking a secure system in order to gain access to content. There typically is a specific set of behaviors that are required in order for a debugger to function correctly. When these behaviors are detected, appropriate action is taken.
- Pattern Recognition and Decision Engine: The objective of this publisher component is to provide effective intrusion detection that can be implemented in or used with existing software to identify when normal behavior is being exhibited by the software. If this publisher component is able to detect normal behavior, then it is also able to detect abnormal behavior. When enough abnormal behavior has been detected, the methodology will provide feedback such that action can be taken. This mechanism obtains samples of important traits needed to monitor the software. In most cases, this equates to a select number of system level calls that access important resources like reading and writing to hard drives, memory, network resources, etc. When a piece of software is running, it may produce a stream of data identifying when important traits that are to be monitored are utilized. The component creates statistical information about the trends of the traits. The trends of the traits are compared to known good trends to determine if they are normal. If there is not enough data to determine the trend of the traits exhibited, the result will be that the behavior is unknown. If there is enough data to make a determination, then the result will be either normal or abnormal. The tamper detector may recognize difficult to determine semi-repetitious and quasi-chaotic patterns and behaviors. This is mostly applied to samples where the data is dynamic. In this case, a certain level of confidence is accumulated before the decision is made.
- For example, in one such tamper detector, a plurality of parameters may be selected that are associated with a process on the computing device of interest. Data may then be collected for the plurality of parameters. Delta events (a difference between event values) may be employed to generate fingerprints for at least a subset of processes on the computing device. An entropy may then be dynamically determined for the subset of processes, and if the determined entropy exceeds some value, unauthorized behavior may be said to be detected. One embodiment of a pattern recognition and decision engine component useable as a publisher to perform such actions is described in more detail in a co-pending U.S. patent application Ser. No. 11/150,357, entitled “Apparatus, System, And Method For Protecting Content Using Fingerprinting And Real-Time Evidence Gathering,” filed Jun. 10, 2005, by Oscar Zhuk et al., which is hereby incorporated by reference in its entirety within.
- Another example of a pattern recognition tamper detector useable as a publisher may employ behavior analysis similar to the principle of a so-called Artificial Immune System (AIS). One such AIS tamper detector is described in U.S. patent application Ser. No. 10/020,524, entitled “Method And Apparatus For Protection Of Electronic Media,” filed on Dec. 14, 2001, which is hereby incorporated by reference within in its entirety. In that AIS tamper detector, a variety of detectors (e.g., sequences of different types of computer system calls) are sent to a client process and the responses are evaluated to detect the presence of an unauthorized software behavior on the client. For example, a comparison between the response and the detector may be performed according to a matching rule that is associated with the detector sent. Unauthorized behaviors include alteration of a client process as well as simultaneously running processes that might enable unauthorized copying of protected media. When a detector indicates unauthorized behavior, that detector may be distributed to other client processes, devices, or the like, to determine whether the unauthorized behavior is detected on more than one client device, process, or the like.
- In one embodiment, the sequences of different types of computer system calls can be created to reflect known unauthorized patterns of behaviors, while in another embodiment, the sequences can be randomly generated to attempt to detect previously unseen behaviors.
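The delta-event and entropy decision described above for the Pattern Recognition and Decision Engine can be sketched as follows. This is an added example, not code from the patent or from the referenced applications; the choice of traits (cumulative disk-read, disk-write and network counters), the bucket size, the window length and the entropy threshold are all assumptions made for illustration.

```python
import math
from collections import Counter, deque
from itertools import accumulate


def entropy_bits(hist):
    """Shannon entropy, in bits, of a histogram of quantized delta events."""
    total = sum(hist.values())
    return sum((n / total) * math.log2(total / n) for n in hist.values())


class BehaviorMonitor:
    """Classifies one process as 'unknown', 'normal' or 'abnormal' from sampled counters."""

    def __init__(self, bucket=4, window=8, min_deltas=8, max_entropy=1.5):
        self.bucket = bucket            # quantization step for delta values (assumed)
        self.min_deltas = min_deltas    # data needed before any decision is made (assumed)
        self.max_entropy = max_entropy  # decision threshold in bits (assumed)
        self._deltas = deque(maxlen=window)
        self._last = None

    def feed(self, sample):
        """Add one sample of the monitored parameters and return the current verdict."""
        if self._last is not None:
            # Delta event: difference between consecutive values of each parameter.
            self._deltas.append(tuple(b - a for a, b in zip(self._last, sample)))
        self._last = sample
        if len(self._deltas) < self.min_deltas:
            return "unknown"            # not enough data to determine the trend
        # Fingerprint: histogram of quantized delta vectors in the current window.
        fingerprint = Counter(tuple(d // self.bucket for d in vec) for vec in self._deltas)
        return "abnormal" if entropy_bits(fingerprint) > self.max_entropy else "normal"


def counters_from(deltas, start=(0, 0, 0)):
    """Turn per-interval deltas into cumulative counter samples (for the constructed data)."""
    step = lambda acc, d: tuple(a + x for a, x in zip(acc, d))
    return list(accumulate(deltas, step, initial=start))


def run(samples):
    monitor = BehaviorMonitor()
    return [monitor.feed(s) for s in samples]


# Constructed data: (disk reads, disk writes, network bytes) per sampling interval.
STEADY = (10, 2, 100)                                  # a player streaming at a constant rate
ERRATIC = [(10, 40, 100), (90, 2, 5), (300, 0, 0)]     # bursts of unrelated activity
SAMPLES = counters_from([STEADY] * 8 + ERRATIC)
```

With the constructed samples the verdict stays `unknown` until eight delta events have accumulated, tolerates the first two irregular intervals, and turns `abnormal` on the third.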
- Debugger Immunity: This publisher component takes advantage of the architectural limits of software systems and immunizes against the use of debuggers. During immunization attempts, if the existence of a pre-existing debugger is detected, then an intrusion is reported.
- Recorder Detection: This publisher component monitors the system for processes that are not permitted to execute. A list of “Forbidden Processes” is introduced to the publisher through business rules. In one embodiment, these rules may be updated at setup. The forbidden process publisher leverages process enumeration functionality of the operating system to compare the current operating set of applications and libraries against the list of those processes. This mechanism is typically employed with behavior-based methods, as “list based only” detection is easily defeated.
- Screen Scraper Detection: This intrusion detection mechanism monitors the system for attempts to copy media from the screen, network stack or from the display subsystem using kernel events, graphical display interface (GDI) interceptors, and/or network stack elements.
- Trusted Time Master: This service provides a trusted (secure) time master for use by other publisher components or other authorized subscribers. This time master and its agents can be used to identify hacking attempts, maintain time sync of electronic program guides, or time sensitive security mechanisms (keys, passwords, etc.).
- Stealth Agents: The concept of stealth agents has been developed in order to hide certain security mechanisms within the open host computing environments. Normal monitoring applications are monolithic in nature and subject to static and dynamic attacks. Stealth agents may monitor for various abnormal actions, including, but not limited to, performing operating system commands, attempts to install, remove, and/or modify an application, operating system component, or the like. If it is determined that an attack on the system is active, then responses can range from reporting and logging the activity to actively attacking the offending modules or even shutting down the system in an orderly or catastrophic manner.
- Host Intrusion Detect: This mechanism may use many of the application level intrusion detection techniques described above in order to detect unwanted intrusions onto the host. In a video/audio environment where content protection post decryption is required, it may be undesirable to have someone using a second computer to remove the content and then steal the content on the second computer. This component looks for the behaviors common to remote access of video/audio content and takes appropriate action.
- Filter Graph Tamper Detector: The DCP Filter Graph Tamper Detector detects changes to the files that implement the filters in a VSC decryption/playback filter graph. To accommodate normal changes that occur during software upgrades, in one embodiment, a limited number of changes to the filters in the graph per time unit may be allowed. More frequent modifications, as would likely be observed during development of a hack attempt against the copy protection, may then be disallowed. A digital signature that includes, but is not limited to: file name, md5sum, modification time and file size, may be computed for each module in the graph. The Filter Graph Tamper Detector can determine that a filter has been modified by comparing the computed signature with its history of observed signatures. The history contains a time-stamped list of the unique digital signatures for each component. The detection sensitivity setting may, in one embodiment, be defined as a maximum number of allowed changes per some time unit. For example, two changes to each filter per day might be allowed. The detection sensitivity setting is configurable. Any time the change frequency exceeds the allowed level, an alert may be sent to a tamper event subscriber. In one embodiment, the alert is sent as a tamper event object that may include the unique digital signatures in the history. The information in this alert can be used to generate a “black-list” of filters that may be disallowed. In addition, decryption may be disabled or playback stopped when the change detection limit is exceeded.
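The Filter Graph Tamper Detector's signature history and change-rate limit can be sketched as below. This is an added example, not the patent's implementation; the class and function names, the module file name and the scenario timings are assumptions, while the signature fields and the default of two changes per day come from the description above.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """The per-module fields the text lists: file name, md5sum, modification time, file size."""
    name: str
    md5: str
    mtime: float
    size: int


def compute_signature(path):
    st = os.stat(path)
    digest = hashlib.md5()  # MD5 because the text names md5sum; it is not collision resistant
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return Signature(os.path.basename(path), digest.hexdigest(), st.st_mtime, st.st_size)


class FilterGraphTamperDetector:
    def __init__(self, max_changes=2, window_s=86400):
        self.max_changes = max_changes   # detection sensitivity: allowed changes ...
        self.window_s = window_s         # ... per time unit (default: one day)
        self.history = {}                # path -> [(first_seen, Signature)], unique signatures only
        self.blacklist = set()           # md5 values recorded while the limit was exceeded

    def observe(self, path, now):
        """Check one filter module; return a tamper event dict if the change limit is exceeded."""
        sig = compute_signature(path)
        seen = self.history.setdefault(path, [])
        if any(old == sig for _, old in seen):
            return None                  # signature already in the history: nothing changed
        seen.append((now, sig))
        # The first entry is the baseline; every later entry records one observed change.
        recent = [s for t, s in seen[1:] if now - t < self.window_s]
        if len(recent) <= self.max_changes:
            return None                  # within the allowance, e.g. a normal software upgrade
        self.blacklist.update(s.md5 for s in recent)
        return {"kind": "filter_graph_tamper", "component": sig.name,
                "detected_at": now, "history": list(seen)}


def run_scenario(steps, max_changes=2, window_s=86400):
    """Replay (time, new_content_or_None) steps against a temporary, constructed filter file."""
    detector = FilterGraphTamperDetector(max_changes, window_s)
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "decrypt_filter.bin")   # hypothetical module name
        for now, content in steps:
            if content is not None:
                with open(path, "wb") as fh:
                    fh.write(content)
                os.utime(path, (now, now))               # make the modification time deterministic
            results.append(detector.observe(path, now))
    return detector, results


# Constructed input: a baseline, then three modifications inside one day.
BURST = [(0, b"v1"), (3600, b"v2"), (7200, b"v3"), (7300, None), (10800, b"v4")]
# Constructed input: the same three modifications spread over three days.
SPREAD = [(0, b"v1"), (86400, b"v2"), (172800, b"v3"), (259200, b"v4")]
```

In the `BURST` scenario the third change within the day produces the event, which carries the whole signature history; in `SPREAD` no window ever holds more than one change, so nothing is raised.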
- Tamper Event Subscribers
- A variety of subscribers may be implemented, depending on the platform. Subscribers ‘consume’ the above described tamper events and take action according to business rules, and/or other core rules. Such subscribers may reside within the Client Device, and/or a server device to perform various actions, including, but not limited to terminating a media stream; disabling decryption of a key and/or the media; terminating a ‘forbidden’ application, activity, or action; forcing a reboot of the tampered system; signaling a component such as hardware to perform a shutdown; reporting the tamper event, for example, to an external system, operator, or the like; or even disenfranchising a subscriber to the media, or the like.
- Because the invention may be constructed of components bound through associations, the functionality can be scaled up or down and be enhanced as required. This makes it possible to update small sections of code to address exploits and new business requirements.
- Software tamper detection is currently a very dynamic area, with new attack methods and countermeasures being discovered on a regular basis, so it may be impossible to predict the time and form of the next attack from the hacker community. However, through the use of a plurality of publishers and subscribers that may be readily downloaded over the network, one embodiment is dynamic and capable of frequent updates. The components are upgradeable to respond to changing threats and new hacking tools and techniques. Upgrades may be controlled remotely from the network operations center (such as server 102 of FIG. 1, or the like) without any client interaction required.
- Moreover, one embodiment may act and implement itself independently as a separate software module and does not intrude on or impair any applications, system or process activities. It simply watches what is going on at the security level. If a violation is detected, then it intervenes at the system operations level to take necessary security measures as determined by business rules. These measures might include informing the user about a violation, informing the service operator about a violation, or a more aggressive response, especially in the disconnected mode.
-
FIG. 6 shows one embodiment of a general meta-model for use in practicing the invention. General meta-model 600 may be used to implement system 500 of FIG. 5. However, the invention is not so limited, and other meta-models may be employed by the invention, without departing from the present scope or spirit of the invention.
- FIG. 7 shows one embodiment of a general schema for use in practicing the invention, in accordance with the invention. However, the invention may also employ other schemas.
- As shown in FIG. 7, schema 700 includes event publisher 709, and event consumer (subscriber) 710, such as described above. Also shown is one embodiment of a tamper event 703 that may include time information, a security descriptor, and the like. In one embodiment, root 702 provides further object oriented information about tamper event 703, including a class, path, server information, or the like. As shown, tamper event 703 may be generated based on extrinsic events 704, or aggregate events 705. Extrinsic events 704 include, for example, those tamper events that may be generated by one or more event publishers. Aggregate events 705 include those tamper events that may be generated after a series of tamper events of various types have occurred.
- Intrinsic events 706 include, for example, those events that may be generated by the publisher/subscriber architecture, and include repository updates, system status, component updates, error conditions, or the like.
- Generalized Operation
- The operation of certain aspects of the invention will now be described with respect to FIG. 8. FIG. 8 illustrates a flow diagram showing one embodiment of an overview process for detecting and preventing tampering events using a publisher/subscriber architecture, in accordance with the invention.
- Process 800 may be implemented within one or more components of FIG. 1. For example, publisher's actions may be implemented within one or more of clients 106-108, while subscriber's actions may be implemented within one or more of clients 106-108, and/or media provider 102, or the like. Typically, prior to process 800 one or more publishers and/or subscribers may be provided to one or more clients 106-108. In one embodiment, the one or more publishers and/or subscribers may be provided while media is also provided to the clients 106-108, prior to providing the media, or the like.
- Process 800 of FIG. 8 then begins, after a start block, at block 802 where a subscriber, such as those described above, subscribes to receive tamper events. In one embodiment, the subscriber may provide a message, signal, or the like, over a network, channel or the like, indicating its presence. In one embodiment, the subscriber may register itself with publishers, a mediator, or the like. In one embodiment, the subscriber may employ digital certificates, digital signatures, or the like, to identify itself, and to register for receipt of tamper events. In one embodiment, the subscriber may have been registered prior to sending the subscriber to the client. However, registration may also be performed after the subscriber is on the client.
- In addition, the one or more publishers may also register themselves to the subscribers, a repository, and/or a mediator. In one embodiment, the publishers may also employ digital certificates, digital signatures, or the like. In one embodiment, communications may be performed over a secure channel, using any of a variety of encryption techniques.
- Processing flows next to block 804, where one or more publishers may perform various actions to monitor for a tamper event. Such tamper detection events include, but are not limited to those described above.
- Processing then flows to decision block 806 where a determination is made whether a tamper event is detected. If a tamper event is detected, processing flows to block 808; otherwise, processing may branch to decision block 814, where a determination may be made whether to terminate subscribers. If subscribers are terminated, then the subscribers may be deleted. In one embodiment, the publishers may also be deleted. Such actions may occur, for example, when the media being protected no longer needs to be protected, for various reasons, no longer resides on, or is accessible to the client, or the like. Processing may return to a calling process to perform other actions. If subscribers are not to be terminated, then processing may loop back to block 804 to continue monitoring for tamper events.
- At block 808, the publisher may publish the detected tamper event for access by one or more subscribers. Publication may include publishing an identifier of the tamper event, characteristics associated with the tamper event, such as a time the tampering is detected, a client component that is determined to be tampered with, actions by the component, the media that may be affected, or the like. In one embodiment, the publication of the tamper event includes publishing the tamper event to a mediator that may then provide the tamper event to a repository, and/or to one or more subscribers.
- Thus, at block 810 one or more subscribers may receive the tamper event. In one embodiment, the tamper event is provided using a push mechanism. In another embodiment, subscribers may actively check whether a tamper event exists, using a pull mechanism. In one embodiment, the tamper event may be directed to a specific subscriber, such as a subscriber configured to perform a particular action.
- In another embodiment, the tamper event may also be published to one or more publishers. In this manner, the publishers may learn about the tamper event, seek to change their monitoring mechanism, look for related tamper detection, or the like. In one embodiment, the publication may be sent to publishers on a client different from the publisher that detected the tamper event at block 804. By doing so, that other publisher may learn and perform monitoring for that specific tamper event, or even associated tamper events.
- In any event, processing continues to block 812, where a subscriber may perform one or more actions, based on various business rules, or the like, in response to the received tamper event. For example, the subscriber may perform service interruption, revocation of rights, renewal of keys associated with encryption of the media, or the like. Processing then flows to decision block 814, to perform actions as described above.
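The FIG. 8 flow (blocks 802 to 812) sketched in Python as an added example; it is not code from the patent. HMAC tags stand in for the digital certificates and signatures the text mentions, and every name, key, business rule and sample byte string below is a constructed assumption.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass

# Constructed per-party keys. HMAC tags stand in for the digital certificates
# and signatures mentioned in the text (an assumption of this sketch).
KEYS = {"pub-1": b"pub-1-key", "sub-push": b"sub-push-key", "sub-pull": b"sub-pull-key"}

def tag(party, payload):
    return hmac.new(KEYS[party], payload, hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class TamperEvent:
    event_id: str     # identifier of the tamper event
    detected_at: int  # time the tampering was detected
    component: str    # client component determined to be tampered with
    action: str       # what the component was observed doing
    media_id: str     # media that may be affected

    def encode(self):
        return json.dumps(asdict(self), sort_keys=True).encode()

class Mediator:
    def __init__(self):
        self.publishers = set()
        self.subscribers = {}   # name -> push callback, or None for pull
        self.cursor = {}        # name -> next unread repository index
        self.repository = []    # accepted events, kept for pull subscribers
        self.rejected = []      # audit trail of refused requests

    def _verify(self, party, payload, mac):
        key = KEYS.get(party)  # unknown parties have no key and always fail
        return key is not None and hmac.compare_digest(
            hmac.new(key, payload, hashlib.sha256).hexdigest(), mac)

    def register(self, party, role, mac, on_event=None):  # block 802
        if role not in ("publisher", "subscriber") or not self._verify(
                party, f"register:{role}".encode(), mac):
            self.rejected.append(("register", party))
            return False
        if role == "publisher":
            self.publishers.add(party)
        else:
            self.subscribers[party] = on_event
            self.cursor[party] = 0
        return True

    def publish(self, party, event, mac):  # block 808
        if party not in self.publishers or not self._verify(party, event.encode(), mac):
            self.rejected.append(("publish", party))
            return False
        self.repository.append(event)
        for on_event in self.subscribers.values():  # block 810, push delivery
            if on_event is not None:
                on_event(event)
        return True

    def pull(self, party):  # block 810, pull delivery
        if party not in self.subscribers:
            return []
        start, self.cursor[party] = self.cursor[party], len(self.repository)
        return self.repository[start:]

def monitor(mediator, party, component, image, baseline, media_id, now):
    """Blocks 804-808: static integrity check that publishes only on mismatch."""
    if hmac.compare_digest(hashlib.sha256(image).hexdigest(), baseline):
        return None
    event = TamperEvent(f"{party}:{component}:{now}", now, component, "code_modified", media_id)
    mediator.publish(party, event, tag(party, event.encode()))
    return event

def respond(event):
    """Block 812: constructed business rules mapping an event to a response."""
    if event.component == "key-store":
        return "renew_keys"
    return "interrupt_service" if event.action == "code_modified" else "revoke_rights"

def run_demo():
    m, pushed = Mediator(), []
    m.register("pub-1", "publisher", tag("pub-1", b"register:publisher"))
    m.register("sub-push", "subscriber", tag("sub-push", b"register:subscriber"),
               on_event=lambda e: pushed.append(respond(e)))
    m.register("sub-pull", "subscriber", tag("sub-pull", b"register:subscriber"))
    m.register("sub-rogue", "subscriber", "00" * 32)  # unknown party: refused
    good = b"decoder build 1 (constructed bytes)"
    baseline = hashlib.sha256(good).hexdigest()
    monitor(m, "pub-1", "decoder", good, baseline, "media-42", 1000)  # clean
    monitor(m, "pub-1", "decoder", good + b"\x90", baseline, "media-42", 1001)
    monitor(m, "pub-1", "key-store", b"patched", baseline, "media-42", 1002)
    forged = TamperEvent("forged", 1003, "decoder", "code_modified", "media-42")
    m.publish("pub-1", forged, "00" * 32)  # bad tag: refused, never delivered
    pulled = [respond(e) for e in m.pull("sub-pull")]
    return pushed, pulled, m.rejected, m.pull("sub-pull")

if __name__ == "__main__":
    print(run_demo())
```

The mediator refuses both the unregistered subscriber and the event with a bad tag, so a party that cannot authenticate can neither receive tamper events nor trigger subscriber responses with forged ones.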
- It will be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by computer program instructions. These program instructions may be provided to a processor to produce a machine, such that the instructions, which execute on the processor, create means for implementing the actions specified in the flowchart block or blocks. The computer program instructions may be executed by a processor to cause a series of operational steps to be performed by the processor to produce a computer implemented process such that the instructions, which execute on the processor, provide steps for implementing the actions specified in the flowchart block or blocks.
- Accordingly, blocks of the flowchart illustration support combinations of means for performing the specified actions, combinations of steps for performing the specified actions and program instruction means for performing the specified actions. It will also be understood that each block of the flowchart illustration, and combinations of blocks in the flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified actions or steps, or combinations of special purpose hardware and computer instructions.
- The above specification, examples, and data provide a complete description of the manufacture and use of the composition of the invention. Since many embodiments of the invention can be made without departing from the spirit and scope of the invention, the invention resides in the claims hereinafter appended.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/565,223 US8689016B2 (en) | 2005-12-02 | 2006-11-30 | Tamper prevention and detection for video provided over a network to a client |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US74175805P | 2005-12-02 | 2005-12-02 | |
US11/565,223 US8689016B2 (en) | 2005-12-02 | 2006-11-30 | Tamper prevention and detection for video provided over a network to a client |
Publications (2)
Publication Number | Publication Date |
---|---|
US20070271189A1 true US20070271189A1 (en) | 2007-11-22 |
US8689016B2 US8689016B2 (en) | 2014-04-01 |
Family
ID=38092964
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/565,223 Expired - Fee Related US8689016B2 (en) | 2005-12-02 | 2006-11-30 | Tamper prevention and detection for video provided over a network to a client |
Country Status (5)
Country | Link |
---|---|
US (1) | US8689016B2 (en) |
EP (1) | EP1960882A4 (en) |
CA (1) | CA2631690C (en) |
TW (1) | TWI361606B (en) |
WO (1) | WO2007065160A2 (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070234061A1 (en) * | 2006-03-30 | 2007-10-04 | Teo Wee T | System And Method For Providing Transactional Security For An End-User Device |
US20090037976A1 (en) * | 2006-03-30 | 2009-02-05 | Wee Tuck Teo | System and Method for Securing a Network Session |
US20090187763A1 (en) * | 2008-01-22 | 2009-07-23 | Authentium, Inc. | System and method for protecting data accessed through a network connection |
US20090187991A1 (en) * | 2008-01-22 | 2009-07-23 | Authentium, Inc. | Trusted secure desktop |
US20090319639A1 (en) * | 2008-06-19 | 2009-12-24 | Huawei Technologies Co., Ltd. | Content identification method and system, and scidm client and server |
US20110131652A1 (en) * | 2009-05-29 | 2011-06-02 | Autotrader.Com, Inc. | Trained predictive services to interdict undesired website accesses |
US8533818B1 (en) * | 2006-06-30 | 2013-09-10 | Symantec Corporation | Profiling backup activity |
WO2014004128A1 (en) * | 2012-06-27 | 2014-01-03 | Intel Corporation | Devices, systems, and methods for monitoring and asserting trust level using persistent trust log |
US8675518B2 (en) | 2010-02-02 | 2014-03-18 | Micorsoft Corporation | Message transport system using publication and subscription mechanisms |
US20180123865A1 (en) * | 2016-11-01 | 2018-05-03 | Telefonaktiebolaget Lm Ericsson (Publ) | Service Interruption Reporting |
US10192076B1 (en) | 2016-08-29 | 2019-01-29 | Square, Inc. | Security housing with recesses for tamper localization |
US10251260B1 (en) | 2016-08-29 | 2019-04-02 | Square, Inc. | Circuit board to hold connector pieces for tamper detection circuit |
US10504096B1 (en) | 2017-04-28 | 2019-12-10 | Square, Inc. | Tamper detection using ITO touch screen traces |
US10595400B1 (en) | 2016-09-30 | 2020-03-17 | Square, Inc. | Tamper detection system |
US20220207132A1 (en) * | 2019-12-18 | 2022-06-30 | Oh Gyoung GWON | Content wallet device and self-sovereign identity and copyright authentication system using the same |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110026716A1 (en) * | 2008-05-02 | 2011-02-03 | Weng Sing Tang | Method And System For On-Screen Authentication Using Secret Visual Message |
CN103477363B (en) | 2011-04-12 | 2017-09-08 | 应用科学公司 | For managing the system and method donated blood |
US9703932B2 (en) * | 2012-04-30 | 2017-07-11 | Excalibur Ip, Llc | Continuous content identification of broadcast content |
US8990932B2 (en) * | 2012-06-28 | 2015-03-24 | Secureage Technology, Inc. | System and method for prevention of malware attacks on data |
DE102013107047A1 (en) * | 2013-07-04 | 2015-01-08 | Deutsche Telekom Ag | Procedure for authentication |
CN106415684B (en) * | 2014-03-03 | 2019-04-16 | Vsk电子有限公司 | Threat detection message distribution system and method |
US11426498B2 (en) | 2014-05-30 | 2022-08-30 | Applied Science, Inc. | Systems and methods for managing blood donations |
US10484752B2 (en) * | 2016-12-23 | 2019-11-19 | DISH Technologies L.L.C. | Securely paired delivery of activation codes from smart card to host set-top box |
US10484753B2 (en) | 2016-12-23 | 2019-11-19 | DISH Tchnologies L.L.C. | Securely paired delivery of activation codes from smart card to remote client set-top box |
KR20210089038A (en) | 2020-01-07 | 2021-07-15 | 삼성전자주식회사 | Electronic apparatus and method for controlling thereof |
Family Cites Families (76)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5870474A (en) | 1995-12-04 | 1999-02-09 | Scientific-Atlanta, Inc. | Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers |
US4694489A (en) | 1983-12-22 | 1987-09-15 | Frederiksen Jeffrey E | Video transmission system |
EP0319530B1 (en) | 1987-05-22 | 1992-12-30 | KUDELSKI SA Fabrique d'enregistreurs Nagra | Magnetic or other recording device with one or more rotating engraving heads |
FR2643529B1 (en) | 1989-02-22 | 1991-06-07 | Kudelski Sa Fabr Enregistr Nag | PAID TELEVISION SYSTEM USING A MEMORY CARD ASSOCIATED WITH A DECODER |
CH682614A5 (en) | 1990-02-21 | 1993-10-15 | Kudelski Sa | Method for scrambling and unscrambling a video signal. |
CA2084575C (en) | 1991-12-31 | 1996-12-03 | Chris A. Dinallo | Personal computer with generalized data streaming apparatus for multimedia devices |
US5339413A (en) | 1992-08-21 | 1994-08-16 | International Business Machines Corporation | Data stream protocol for multimedia data streaming data processing system |
US5640546A (en) | 1993-02-23 | 1997-06-17 | Network Programs, Inc. | Composition of systems of objects by interlocking coordination, projection, and distribution |
IL106746A (en) | 1993-08-19 | 1997-02-18 | News Datacom Ltd | CATV systems |
US5774527A (en) | 1993-08-19 | 1998-06-30 | News Datacom Ltd. | Integrated telephone and cable communication networks |
NL9301784A (en) | 1993-10-14 | 1995-05-01 | Irdeto Bv | System for encrypting and decrypting digital information. |
KR950013093A (en) | 1993-10-19 | 1995-05-17 | 모리시타 요이찌 | Scramble Transfer Device and Random Number Generator |
IL107967A (en) | 1993-12-09 | 1996-12-05 | News Datacom Research Ltd | Apparatus and method for securing communication systems |
US6298441B1 (en) | 1994-03-10 | 2001-10-02 | News Datacom Ltd. | Secure document access system |
GB9407038D0 (en) | 1994-04-08 | 1994-06-01 | Amstrad Plc | Method and apparatus for transmitting and receiving encrypted signals |
US5758257A (en) | 1994-11-29 | 1998-05-26 | Herz; Frederick | System and method for scheduling broadcast of and access to video programs and other data using customer profiles |
US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
US5621793A (en) | 1995-05-05 | 1997-04-15 | Rubin, Bednarek & Associates, Inc. | TV set top box using GPS |
NL1000530C2 (en) | 1995-06-08 | 1996-12-10 | Defil N V Holland Intertrust A | Filtering method. |
CA2179223C (en) | 1995-06-23 | 2009-01-06 | Manfred Von Willich | Method and apparatus for controlling the operation of a signal decoder in a broadcasting system |
US6035037A (en) | 1995-08-04 | 2000-03-07 | Thomson Electronic Consumers, Inc. | System for processing a video signal via series-connected high speed signal processing smart cards |
GB9521739D0 (en) | 1995-10-24 | 1996-01-03 | Nat Transcommunications Ltd | Decoding carriers encoded using orthogonal frequency division multiplexing |
US5684876A (en) | 1995-11-15 | 1997-11-04 | Scientific-Atlanta, Inc. | Apparatus and method for cipher stealing when encrypting MPEG transport packets |
WO1997025798A1 (en) | 1996-01-11 | 1997-07-17 | Mrj, Inc. | System for controlling access and distribution of digital property |
EP0826288B1 (en) | 1996-03-18 | 2000-09-13 | News Datacom Ltd. | Smart card chaining in pay television systems |
US6049671A (en) | 1996-04-18 | 2000-04-11 | Microsoft Corporation | Method for identifying and obtaining computer software from a network computer |
US6191782B1 (en) | 1996-08-30 | 2001-02-20 | Matsushita Electric Industrial Co., Ltd. | Terminal apparatus and method for achieving interactive operations by displaying a desired piece of image information at high speed using cache memories, out of a large amount of image information sent in a one-way direction |
KR100483370B1 (en) | 1996-09-17 | 2005-04-15 | 세드나 페이턴트 서비시즈, 엘엘씨 | Set top terminal for an interactive information distribution system |
US5939975A (en) | 1996-09-19 | 1999-08-17 | Nds Ltd. | Theft prevention system and method |
US5883957A (en) | 1996-09-20 | 1999-03-16 | Laboratory Technologies Corporation | Methods and apparatus for encrypting and decrypting MIDI files |
EP0834991A1 (en) | 1996-10-02 | 1998-04-08 | Irdeto B.V. | Method for automatically searching a frequency range for signal channels in a receiver for digitally modulated signals, and receiver for applying such a method |
US6141053A (en) | 1997-01-03 | 2000-10-31 | Saukkonen; Jukka I. | Method of optimizing bandwidth for transmitting compressed video data streams |
EP0858184A3 (en) | 1997-02-07 | 1999-09-01 | Nds Limited | Digital recording protection system |
US6189097B1 (en) | 1997-03-24 | 2001-02-13 | Preview Systems, Inc. | Digital Certificate |
US6272636B1 (en) | 1997-04-11 | 2001-08-07 | Preview Systems, Inc | Digital product execution control and security |
US6073256A (en) | 1997-04-11 | 2000-06-06 | Preview Systems, Inc. | Digital product execution control |
JPH10303880A (en) | 1997-05-01 | 1998-11-13 | Digital Vision Lab:Kk | Service providing system |
US6557104B2 (en) | 1997-05-02 | 2003-04-29 | Phoenix Technologies Ltd. | Method and apparatus for secure processing of cryptographic keys |
WO1999001815A1 (en) | 1997-06-09 | 1999-01-14 | Intertrust, Incorporated | Obfuscation techniques for enhancing software security |
US6009525A (en) | 1997-08-29 | 1999-12-28 | Preview Systems, Inc. | Multi-tier electronic software distribution |
US6055503A (en) | 1997-08-29 | 2000-04-25 | Preview Systems | Software program self-modification |
US6112181A (en) | 1997-11-06 | 2000-08-29 | Intertrust Technologies Corporation | Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
EP0917356A1 (en) | 1997-11-17 | 1999-05-19 | CANAL+ Société Anonyme | Packet filtering |
WO1999030499A1 (en) | 1997-12-10 | 1999-06-17 | Thomson Consumer Electronics, Inc. | Method for protecting the audio/visual data across the nrss inte rface |
US7778418B1 (en) | 1998-01-08 | 2010-08-17 | Samsung Electronics Co., Ltd. | System and method for copy protection for digital signals |
EP0932124B1 (en) | 1998-01-14 | 2002-05-02 | Irdeto Access B.V. | Integrated circuit and smart card comprising such a circuit |
US6334213B1 (en) | 1998-01-20 | 2001-12-25 | Preview Systems | Merging of separate executable computer programs to form a single executable computer program |
DE19838628A1 (en) | 1998-08-26 | 2000-03-02 | Ibm | Extended smart card communication architecture and method for communication between smart card application and data carrier |
IL123554A (en) | 1998-03-04 | 2003-01-12 | Nds Ltd | Key delivery in a secure broadcasting system |
GB9806076D0 (en) | 1998-03-20 | 1998-05-20 | Nds Ltd | Improvements in or relating to the insertion and removal of smart cards |
US6459427B1 (en) | 1998-04-01 | 2002-10-01 | Liberate Technologies | Apparatus and method for web-casting over digital broadcast TV network |
US6285985B1 (en) | 1998-04-03 | 2001-09-04 | Preview Systems, Inc. | Advertising-subsidized and advertising-enabled software |
US6009401A (en) | 1998-04-06 | 1999-12-28 | Preview Systems, Inc. | Relicensing of electronically purchased software |
IL124595A (en) | 1998-05-21 | 2009-09-01 | Yossef Tsuria | Anti-piracy system |
AU4320599A (en) | 1998-05-29 | 1999-12-13 | Diva Systems Corporation | Interactive information distribution system and method |
US6311221B1 (en) | 1998-07-22 | 2001-10-30 | Appstream Inc. | Streaming modules |
IL126472A0 (en) | 1998-10-07 | 1999-08-17 | Nds Ltd | Secure communications system |
US6282650B1 (en) | 1999-01-25 | 2001-08-28 | Intel Corporation | Secure public digital watermark |
US6505299B1 (en) | 1999-03-01 | 2003-01-07 | Sharp Laboratories Of America, Inc. | Digital image scrambling for image coding systems |
US6415031B1 (en) | 1999-03-12 | 2002-07-02 | Diva Systems Corporation | Selective and renewable encryption for secure distribution of video on-demand |
JP3816689B2 (en) | 1999-03-31 | 2006-08-30 | 株式会社東芝 | Information distribution apparatus, information reception apparatus, and communication method |
US7085931B1 (en) | 1999-09-03 | 2006-08-01 | Secure Computing Corporation | Virtual smart card system and method |
EP1142343A1 (en) | 1999-10-29 | 2001-10-10 | Koninklijke Philips Electronics N.V. | Video encoding method |
US6449719B1 (en) | 1999-11-09 | 2002-09-10 | Widevine Technologies, Inc. | Process and streaming server for encrypting a data stream |
JP2001144802A (en) | 1999-11-11 | 2001-05-25 | Canon Inc | Apparatus, method and system for data communication and storag medium |
KR100378791B1 (en) | 1999-12-02 | 2003-04-07 | 엘지전자 주식회사 | Packet identifier section filter |
JP2001273430A (en) | 2000-03-27 | 2001-10-05 | Toshiba Corp | Portable electronic device and point system |
CA2305249A1 (en) | 2000-04-14 | 2001-10-14 | Branko Sarcanin | Virtual safe |
JP4596693B2 (en) | 2000-07-06 | 2010-12-08 | パナソニック株式会社 | Streaming method and system for executing the same |
US6729549B2 (en) | 2000-12-19 | 2004-05-04 | International Business Machines Corporation | System and method for personalization of smart cards |
SE0101295D0 (en) | 2001-04-10 | 2001-04-10 | Ericsson Telefon Ab L M | A method and network for delivering streaming data |
AU2002305490B2 (en) | 2001-05-09 | 2008-11-06 | Sca Ipla Holdings, Inc. | Systems and methods for the prevention of unauthorized use and manipulation of digital content |
US7237108B2 (en) | 2001-09-26 | 2007-06-26 | General Instrument Corporation | Encryption of streaming control protocols and their headers |
US20040151315A1 (en) | 2002-11-06 | 2004-08-05 | Kim Hee Jean | Streaming media security system and method |
- 2006
  - 2006-11-30 US US11/565,223 patent/US8689016B2/en not_active Expired - Fee Related
  - 2006-12-01 CA CA2631690A patent/CA2631690C/en not_active Expired - Fee Related
  - 2006-12-01 WO PCT/US2006/061523 patent/WO2007065160A2/en active Application Filing
  - 2006-12-01 TW TW095144669A patent/TWI361606B/en not_active IP Right Cessation
  - 2006-12-01 EP EP06846442A patent/EP1960882A4/en not_active Withdrawn
Patent Citations (51)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4535355A (en) * | 1982-06-23 | 1985-08-13 | Microdesign Limited | Method and apparatus for scrambling and unscrambling data streams using encryption and decryption |
US5144663A (en) * | 1986-04-18 | 1992-09-01 | Kudelski S.A. Fabrique D'engregistreurs Nagra | Method of interactive communication between a subscriber and a decoder of a system of pay-television and decoder thereof |
US5539450A (en) * | 1993-04-16 | 1996-07-23 | News Datacom Limited | Methods and systems for providing additional service applications in pay television |
US5592212A (en) * | 1993-04-16 | 1997-01-07 | News Datacom Ltd. | Methods and systems for non-program applications for subscriber television |
US5666412A (en) * | 1994-10-03 | 1997-09-09 | News Datacom Ltd. | Secure access systems and methods utilizing two access cards |
US5774546A (en) * | 1994-10-03 | 1998-06-30 | News Datacom Ltd. | Secure access system utilizing an access card having more than one embedded integrated circuit and/or plurality of security levels |
US5613002A (en) * | 1994-11-21 | 1997-03-18 | International Business Machines Corporation | Generic disinfection of programs infected with a computer virus |
US5917912A (en) * | 1995-02-13 | 1999-06-29 | Intertrust Technologies Corporation | System and methods for secure transaction management and electronic rights protection |
US20040133793A1 (en) * | 1995-02-13 | 2004-07-08 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5805705A (en) * | 1996-01-29 | 1998-09-08 | International Business Machines Corporation | Synchronization of encryption/decryption keys in a data communication network |
US6201948B1 (en) * | 1996-05-22 | 2001-03-13 | Netsage Corporation | Agent based instruction system and method |
US6151643A (en) * | 1996-06-07 | 2000-11-21 | Networks Associates, Inc. | Automatic updating of diverse software products on multiple client computer systems by downloading scanning application to client computer and generating software list on client computer |
US5953005A (en) * | 1996-06-28 | 1999-09-14 | Sun Microsystems, Inc. | System and method for on-line multimedia access |
US5892900A (en) * | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US5825879A (en) * | 1996-09-30 | 1998-10-20 | Intel Corporation | System and method for copy-protecting distributed video content |
US5920861A (en) * | 1997-02-25 | 1999-07-06 | Intertrust Technologies Corp. | Techniques for defining using and manipulating rights management data structures |
US6192354B1 (en) * | 1997-03-21 | 2001-02-20 | International Business Machines Corporation | Apparatus and method for optimizing the performance of computer tasks using multiple intelligent agents having varied degrees of domain knowledge |
US5937159A (en) * | 1997-03-28 | 1999-08-10 | Data General Corporation | Secure computer system |
US6119165A (en) * | 1997-11-17 | 2000-09-12 | Trend Micro, Inc. | Controlled distribution of application programs in a computer network |
US6438692B2 (en) * | 1997-11-20 | 2002-08-20 | Kabushiki Kaisha Toshiba | Copy protection apparatus and information recording medium used in this copy protection apparatus |
US5991399A (en) * | 1997-12-18 | 1999-11-23 | Intel Corporation | Method for securely distributing a conditional use private key to a trusted entity on a remote system |
US6385596B1 (en) * | 1998-02-06 | 2002-05-07 | Liquid Audio, Inc. | Secure online music distribution system |
US7218643B1 (en) * | 1998-09-30 | 2007-05-15 | Kabushiki Kaisha Toshiba | Relay device and communication device realizing contents protection procedure over networks |
US6633918B2 (en) * | 1998-10-06 | 2003-10-14 | Realnetworks, Inc. | System and method for providing random access to a multimedia object over a network |
US6327652B1 (en) * | 1998-10-26 | 2001-12-04 | Microsoft Corporation | Loading and identifying a digital rights management operating system |
US6321338B1 (en) * | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6671812B1 (en) * | 1998-12-08 | 2003-12-30 | Networks Associates Technology, Inc. | Computer cleaning system, method and computer program product |
US6330588B1 (en) * | 1998-12-21 | 2001-12-11 | Philips Electronics North America Corporation | Verification of software agents and agent activities |
US20020021805A1 (en) * | 1999-01-06 | 2002-02-21 | Schumann Robert Wilhelm | Digital content distribution system and method |
US20020099948A1 (en) * | 1999-09-02 | 2002-07-25 | Cryptography Research, Inc. | Digital Content Protection Method and Apparatus |
US20020015498A1 (en) * | 2000-02-17 | 2002-02-07 | Houlberg Christian L. | Method which uses a Non-Volatile Memory to store a crypto key and a check word for an encryption device |
US6910064B1 (en) * | 2000-04-19 | 2005-06-21 | Toshiba America Information Systems, Inc. | System of delivering content on-line |
US20020001385A1 (en) * | 2000-06-30 | 2002-01-03 | Hirotsugu Kawada | Recording method and apparatus, optical disk, and computer-readable storage medium |
US20020087883A1 (en) * | 2000-11-06 | 2002-07-04 | Curt Wohlgemuth | Anti-piracy system for remotely served computer applications |
US20020089410A1 (en) * | 2000-11-13 | 2002-07-11 | Janiak Martin J. | Biometric authentication device for use with a personal digital assistant |
US20020147923A1 (en) * | 2001-01-19 | 2002-10-10 | Eyal Dotan | Method for protecting computer programs and data from hostile code |
US20020104004A1 (en) * | 2001-02-01 | 2002-08-01 | Bruno Couillard | Method and apparatus for synchronizing real-time clocks of time stamping cryptographic modules |
US20020141582A1 (en) * | 2001-03-28 | 2002-10-03 | Kocher Paul C. | Content security layer providing long-term renewable security |
US20100274730A1 (en) * | 2001-05-31 | 2010-10-28 | Contentguard Holdings, Inc. | Rights offering and granting |
US20100275270A1 (en) * | 2001-06-07 | 2010-10-28 | Contentguard Holdings, Inc. | Method and apparatus for managing the transfer of rights |
US7240196B2 (en) * | 2001-06-22 | 2007-07-03 | Verimatrix, Inc. | Method and system for protecting ownership rights of digital content files |
US20050086501A1 (en) * | 2002-01-12 | 2005-04-21 | Je-Hak Woo | Method and system for the information protection of digital content |
US20040078575A1 (en) * | 2002-01-29 | 2004-04-22 | Morten Glenn A. | Method and system for end to end securing of content for video on demand |
US20030149887A1 (en) * | 2002-02-01 | 2003-08-07 | Satyendra Yadav | Application-specific network intrusion detection |
US20040064712A1 (en) * | 2002-09-27 | 2004-04-01 | Intel Corporation | Systems and methods for protecting media content |
US20040190717A1 (en) * | 2003-03-31 | 2004-09-30 | Victor Company Of Japan, Ltd. | Apparatus, method and program for data processing, and apparatus, method and program for tamper detection |
US20050257266A1 (en) * | 2003-06-11 | 2005-11-17 | Cook Randall R | Intrustion protection system utilizing layers and triggers |
US20100037051A1 (en) * | 2003-08-21 | 2010-02-11 | Samsung Electronics Co., Ltd. | Method for sharing rights objects between users |
US20060075225A1 (en) * | 2004-06-30 | 2006-04-06 | Flynn James P | Digital content protection for peer to peer networks |
US20060190403A1 (en) * | 2004-09-25 | 2006-08-24 | Vix Technologies Inc. | Method and Apparatus for Content Protection and Copyright Management in Digital Video Distribution |
US20060239501A1 (en) * | 2005-04-26 | 2006-10-26 | Verance Corporation | Security enhancements of digital watermarks for multi-media content |
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090037976A1 (en) * | 2006-03-30 | 2009-02-05 | Wee Tuck Teo | System and Method for Securing a Network Session |
US8434148B2 (en) | 2006-03-30 | 2013-04-30 | Advanced Network Technology Laboratories Pte Ltd. | System and method for providing transactional security for an end-user device |
US20070234061A1 (en) * | 2006-03-30 | 2007-10-04 | Teo Wee T | System And Method For Providing Transactional Security For An End-User Device |
US9112897B2 (en) | 2006-03-30 | 2015-08-18 | Advanced Network Technology Laboratories Pte Ltd. | System and method for securing a network session |
US8533818B1 (en) * | 2006-06-30 | 2013-09-10 | Symantec Corporation | Profiling backup activity |
US8918865B2 (en) | 2008-01-22 | 2014-12-23 | Wontok, Inc. | System and method for protecting data accessed through a network connection |
US20090187763A1 (en) * | 2008-01-22 | 2009-07-23 | Authentium, Inc. | System and method for protecting data accessed through a network connection |
US20090187991A1 (en) * | 2008-01-22 | 2009-07-23 | Authentium, Inc. | Trusted secure desktop |
US8225404B2 (en) | 2008-01-22 | 2012-07-17 | Wontok, Inc. | Trusted secure desktop |
US20090319639A1 (en) * | 2008-06-19 | 2009-12-24 | Huawei Technologies Co., Ltd. | Content identification method and system, and scidm client and server |
US8527651B2 (en) * | 2008-06-19 | 2013-09-03 | Huawei Technologies Co., Ltd. | Content identification method and system, and SCIDM client and server |
US20110131652A1 (en) * | 2009-05-29 | 2011-06-02 | Autotrader.Com, Inc. | Trained predictive services to interdict undesired website accesses |
US9385947B2 (en) | 2010-02-02 | 2016-07-05 | Microsoft Technology Licensing, Llc | Message transport system using publication and subscription mechanisms |
US8675518B2 (en) | 2010-02-02 | 2014-03-18 | Microsoft Corporation | Message transport system using publication and subscription mechanisms |
CN104321780A (en) * | 2012-06-27 | 2015-01-28 | Intel Corporation | Devices, systems, and methods for monitoring and asserting trust level using persistent trust log |
US9177129B2 (en) | 2012-06-27 | 2015-11-03 | Intel Corporation | Devices, systems, and methods for monitoring and asserting trust level using persistent trust log |
WO2014004128A1 (en) * | 2012-06-27 | 2014-01-03 | Intel Corporation | Devices, systems, and methods for monitoring and asserting trust level using persistent trust log |
US11681833B2 (en) | 2016-08-29 | 2023-06-20 | Block, Inc. | Secure electronic circuitry with tamper detection |
US10192076B1 (en) | 2016-08-29 | 2019-01-29 | Square, Inc. | Security housing with recesses for tamper localization |
US10251260B1 (en) | 2016-08-29 | 2019-04-02 | Square, Inc. | Circuit board to hold connector pieces for tamper detection circuit |
US10977393B2 (en) | 2016-08-29 | 2021-04-13 | Square, Inc. | Secure electronic circuitry with tamper detection |
US10595400B1 (en) | 2016-09-30 | 2020-03-17 | Square, Inc. | Tamper detection system |
US10348552B2 (en) * | 2016-11-01 | 2019-07-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Service interruption reporting |
US20190253307A1 (en) * | 2016-11-01 | 2019-08-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Service Interruption Reporting |
US11611465B2 (en) | 2016-11-01 | 2023-03-21 | Telefonaktiebolaget Lm Ericsson (Publ) | Service interruption reporting |
KR102174043B1 (en) * | 2016-11-01 | 2020-11-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Service interruption report |
US10848369B2 (en) * | 2016-11-01 | 2020-11-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Service interruption reporting |
KR20190055157A (en) * | 2016-11-01 | 2019-05-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Service interruption reporting |
US20180123865A1 (en) * | 2016-11-01 | 2018-05-03 | Telefonaktiebolaget Lm Ericsson (Publ) | Service Interruption Reporting |
US10504096B1 (en) | 2017-04-28 | 2019-12-10 | Square, Inc. | Tamper detection using ITO touch screen traces |
US11321694B2 (en) | 2017-04-28 | 2022-05-03 | Block, Inc. | Tamper detection using ITO touch screen traces |
US11386196B1 (en) * | 2019-12-18 | 2022-07-12 | Oh Gyoung GWON | Content wallet device and self-sovereign identity and copyright authentication system using the same |
US20220207132A1 (en) * | 2019-12-18 | 2022-06-30 | Oh Gyoung GWON | Content wallet device and self-sovereign identity and copyright authentication system using the same |
Also Published As
Publication number | Publication date |
---|---|
CA2631690A1 (en) | 2007-06-07 |
WO2007065160A3 (en) | 2007-12-13 |
EP1960882A4 (en) | 2012-02-01 |
TW200731730A (en) | 2007-08-16 |
TWI361606B (en) | 2012-04-01 |
EP1960882A2 (en) | 2008-08-27 |
US8689016B2 (en) | 2014-04-01 |
WO2007065160A2 (en) | 2007-06-07 |
CA2631690C (en) | 2016-05-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8689016B2 (en) | Tamper prevention and detection for video provided over a network to a client | |
US8055910B2 (en) | Reprogrammable security for controlling piracy and enabling interactive content | |
US8752194B2 (en) | Progressive download or streaming of digital media securely through a localized container and communication protocol proxy | |
Pretschner et al. | Usage control enforcement: Present and future | |
US20040010717A1 (en) | Apparatus and method for preventing digital media piracy | |
US11070876B2 (en) | Security monitoring with attack detection in an audio/video processing device | |
CN103026335A (en) | Device authentication for secure key retrieval for streaming media players | |
JP2008186571A (en) | Content security layer providing long-term renewable security | |
WO2007126853A2 (en) | Secure non-invasive method and system for distribution of digital assets | |
Diehl | Securing digital video: techniques for DRM and content protection | |
US20080037782A1 (en) | Reduction of channel change time for digital media devices using key management and virtual smart cards | |
US20090031144A1 (en) | Revocation message cycling in a digital transmission content protection system | |
Traw | Technical challenges of protecting digital entertainment content | |
WO2008154283A1 (en) | Methods and apparatuses for performing digital rights management (drm) in a host device through use of a downloadable drm system | |
TWI225352B (en) | Apparatus and method for preventing digital media piracy | |
US9549216B2 (en) | Client device with secure clock and methods for use therewith | |
Ruiz et al. | Security engineering and modelling of set-top boxes | |
Michéle et al. | Security & Privacy Implications | |
WO2006026056A1 (en) | Enforcing a drm / ipmp agreement in a multimedia content distribution network | |
Diehl et al. | A Tool Box | |
Peinado | Digital Rights Management and Windows Media Player | |
Kravitz | Aspects of digital rights management and the use of hardware security devices | |
AU2002367530A1 (en) | Apparatus and method for preventing digital media piracy |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: WIDEVINE TECHNOLOGIES, INC., WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MORTEN, GLENN A.;HIAR, EDWARD CHARLES;JACOBS, ANDRE;AND OTHERS;SIGNING DATES FROM 20061226 TO 20070122;REEL/FRAME:018885/0767 |
 | AS | Assignment | Owner name: GOOGLE INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WIDEVINE TECHNOLOGIES, INC.;REEL/FRAME:026535/0065 Effective date: 20110608 |
 | FEPP | Fee payment procedure | Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
 | AS | Assignment | Owner name: GOOGLE LLC, CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:GOOGLE INC.;REEL/FRAME:044101/0299 Effective date: 20170929 |
 | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551) Year of fee payment: 4 |
 | FEPP | Fee payment procedure | Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.) |
 | FEPP | Fee payment procedure | Free format text: PETITION RELATED TO MAINTENANCE FEES GRANTED (ORIGINAL EVENT CODE: PTGR) |
 | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE UNDER 1.28(C) (ORIGINAL EVENT CODE: M1559) |
 | FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
 | STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
 | FP | Lapsed due to failure to pay maintenance fee | Effective date: 20220401 |